This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-bcel.git


The following commit(s) were added to refs/heads/master by this push:
     new 4bde63f2 Fix oss-fuzz issue 51989
4bde63f2 is described below

commit 4bde63f27a913ddee5d4f329a68dbf1bcbed9e9c
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Nov 15 11:34:26 2022 +0000

    Fix oss-fuzz issue 51989
    
    When parsing an invalid class, ensure ClassParser.parse() throws
    ClassFormatException, not IllegalArgumentException
---
 src/changes/changes.xml                                  |   1 +
 src/main/java/org/apache/bcel/classfile/ClassParser.java |   2 ++
 src/test/java/org/apache/bcel/OssFuzzTestCase.java       |   6 ++++++
 src/test/resources/ossfuzz/issue51989/Test.class         | Bin 0 -> 88 bytes
 4 files changed, 9 insertions(+)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index b890402a..1780b2bf 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -69,6 +69,7 @@ The <action> type attribute can be add,update,fix,remove.
       <action                  type="fix" dev="ggregory" due-to="Sam Ng, Gary 
Gregory">Improve test coverage to bcel/generic and UtilityTest #162.</action>
       <action                  type="fix" dev="ggregory" due-to="nbauma109, 
Gary Gregory">Code coverage and unit tests on the verifier #166.</action>
       <action                  type="fix" dev="markt" 
due-to="OSS-Fuzz">References to constant pool entries that are not of the 
expected type should throw ClassFormatException, not ClassCastException</action>
+      <action                  type="fix" dev="markt" due-to="OSS-Fuzz">When 
parsing an invalid class, ensure ClassParser.parse() throws 
ClassFormatException, not IllegalArgumentException</action>
       <!-- UPDATE -->
       <action                  type="update" dev="ggregory" due-to="Gary 
Gregory">Bump spotbugs-maven-plugin from 4.7.2.2 to 4.7.3.0 #167.</action>
     </release>
diff --git a/src/main/java/org/apache/bcel/classfile/ClassParser.java 
b/src/main/java/org/apache/bcel/classfile/ClassParser.java
index 6de11dd4..4b92ed9b 100644
--- a/src/main/java/org/apache/bcel/classfile/ClassParser.java
+++ b/src/main/java/org/apache/bcel/classfile/ClassParser.java
@@ -155,6 +155,8 @@ public final class ClassParser {
             // System.err.println(bytes + " extra bytes: " + 
Utility.toHexString(buf));
             // }
             // }
+        } catch (IllegalArgumentException e) {
+            throw new ClassFormatException(e.getMessage(), e);
         } finally {
             // Read everything of interest, so close the file
             if (fileOwned) {
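Review bot: The new `catch (IllegalArgumentException e)` converts only one unchecked exception type, so any other runtime exception that malformed class data can raise inside this try block would still escape `parse()` and bypass callers that handle only `ClassFormatException` and `IOException`. The try block starts above the hunk, so the calls that can throw are not visible here; the changelog context mentions an earlier ClassCastException case, so it is worth checking the fuzzer findings for further types before deciding whether this catch is enough. A why-comment above the rethrow would help, for example `// Malformed class data can surface as IllegalArgumentException from lower-level parsing; report it as a format error`. Also note that `e.getMessage()` may be null, in which case the ClassFormatException has no message of its own, although the cause is preserved.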
diff --git a/src/test/java/org/apache/bcel/OssFuzzTestCase.java 
b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
index 69974e67..7f9dbfcf 100644
--- a/src/test/java/org/apache/bcel/OssFuzzTestCase.java
+++ b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
@@ -27,6 +27,12 @@ import org.junit.jupiter.api.Test;
 
 public class OssFuzzTestCase {
 
+    @Test
+    public void testIssue51989() throws Exception {
+        testOssFuzzReproducer("51989");
+    }
+
+
     @Test
     public void testIssue52168() throws Exception {
         testOssFuzzReproducer("52168");
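Review bot: The assertion for `testIssue51989` lives in `testOssFuzzReproducer`, which is outside this hunk, so it cannot be confirmed here that the helper asserts `ClassFormatException` specifically; if it accepts any exception, this regression test would still pass with the old IllegalArgumentException. A one-line comment such as `// Invalid class must be rejected with ClassFormatException (OSS-Fuzz 51989)` would record the expected outcome at the call site. As a style point, the new method is followed by two blank lines where the class otherwise uses one.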
diff --git a/src/test/resources/ossfuzz/issue51989/Test.class 
b/src/test/resources/ossfuzz/issue51989/Test.class
new file mode 100644
index 00000000..cce2039d
Binary files /dev/null and b/src/test/resources/ossfuzz/issue51989/Test.class 
differ
