You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by ma...@apache.org on 2022/11/15 11:34:34 UTC

[commons-bcel] branch master updated: Fix oss-fuzz issue 51989

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-bcel.git


The following commit(s) were added to refs/heads/master by this push:
     new 4bde63f2 Fix oss-fuzz issue 51989
4bde63f2 is described below

commit 4bde63f27a913ddee5d4f329a68dbf1bcbed9e9c
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Nov 15 11:34:26 2022 +0000

    Fix oss-fuzz issue 51989
    
    When parsing an invalid class, ensure ClassParser.parse() throws
    ClassFormatException, not IllegalArgumentException
---
 src/changes/changes.xml                                  |   1 +
 src/main/java/org/apache/bcel/classfile/ClassParser.java |   2 ++
 src/test/java/org/apache/bcel/OssFuzzTestCase.java       |   6 ++++++
 src/test/resources/ossfuzz/issue51989/Test.class         | Bin 0 -> 88 bytes
 4 files changed, 9 insertions(+)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index b890402a..1780b2bf 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -69,6 +69,7 @@ The <action> type attribute can be add,update,fix,remove.
       <action                  type="fix" dev="ggregory" due-to="Sam Ng, Gary Gregory">Improve test coverage to bcel/generic and UtilityTest #162.</action>
       <action                  type="fix" dev="ggregory" due-to="nbauma109, Gary Gregory">Code coverage and unit tests on the verifier #166.</action>
       <action                  type="fix" dev="markt" due-to="OSS-Fuzz">References to constant pool entries that are not of the expected type should throw ClassFormatException, not ClassCastException</action>
+      <action                  type="fix" dev="markt" due-to="OSS-Fuzz">When parsing an invalid class, ensure ClassParser.parse() throws ClassFormatException, not IllegalArgumentException</action>
       <!-- UPDATE -->
       <action                  type="update" dev="ggregory" due-to="Gary Gregory">Bump spotbugs-maven-plugin from 4.7.2.2 to 4.7.3.0 #167.</action>
     </release>
diff --git a/src/main/java/org/apache/bcel/classfile/ClassParser.java b/src/main/java/org/apache/bcel/classfile/ClassParser.java
index 6de11dd4..4b92ed9b 100644
--- a/src/main/java/org/apache/bcel/classfile/ClassParser.java
+++ b/src/main/java/org/apache/bcel/classfile/ClassParser.java
@@ -155,6 +155,8 @@ public final class ClassParser {
             // System.err.println(bytes + " extra bytes: " + Utility.toHexString(buf));
             // }
             // }
+        } catch (IllegalArgumentException e) {
+            throw new ClassFormatException(e.getMessage(), e);
         } finally {
             // Read everything of interest, so close the file
             if (fileOwned) {
diff --git a/src/test/java/org/apache/bcel/OssFuzzTestCase.java b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
index 69974e67..7f9dbfcf 100644
--- a/src/test/java/org/apache/bcel/OssFuzzTestCase.java
+++ b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
@@ -27,6 +27,12 @@ import org.junit.jupiter.api.Test;
 
 public class OssFuzzTestCase {
 
+    @Test
+    public void testIssue51989() throws Exception {
+        testOssFuzzReproducer("51989");
+    }
+
+
     @Test
     public void testIssue52168() throws Exception {
         testOssFuzzReproducer("52168");
diff --git a/src/test/resources/ossfuzz/issue51989/Test.class b/src/test/resources/ossfuzz/issue51989/Test.class
new file mode 100644
index 00000000..cce2039d
Binary files /dev/null and b/src/test/resources/ossfuzz/issue51989/Test.class differ