Makes sense I think, thank you Mark.

Gary

On Tue, Nov 22, 2022, 08:41 Mark Thomas <ma...@apache.org> wrote:

> On 22/11/2022 13:10, Gary D. Gregory wrote:
> > I am concerned that the recent fixes we've made through OSS fuzz and
> > code inspection to validate input are semantically incorrect: The verifier
> > should catch these errors, not the construction of Java objects. This could
> > be a case where fuzzing and low-level code inspections only appear to find
> > issues but are ignorant of the usage context.
> >
> > Thoughts?
>
> My understanding of the Javadocs was that these changes are consistent
> with the documented behaviour.
>
> ClassParser.parse() throws ClassFormatException if the class file is
> malformed. I think all the recent changes come under this heading.
>
> Verification is (mostly) concerned with the byte code in Code
> attributes. Those are opaque to the parser.
>
> Mark