[jira] [Commented] (BCEL-337) StringIndexOutOfBounds in Pass 2 Verification of empty method names in the constant pool

Wed, 16 Mar 2022 09:26:07 -0700 


    [ 
https://issues.apache.org/jira/browse/BCEL-337?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17507712#comment-17507712
 ] 

Mark Roberts commented on BCEL-337:
-----------------------------------

Fixed with https://github.com/apache/commons-bcel/pull/117

> StringIndexOutOfBounds in Pass 2 Verification of empty method names in the 
> constant pool
> ----------------------------------------------------------------------------------------
>
>                 Key: BCEL-337
>                 URL: https://issues.apache.org/jira/browse/BCEL-337
>             Project: Commons BCEL
>          Issue Type: Bug
>          Components: Verifier
>    Affects Versions: 6.4.1
>            Reporter: Luís Pina
>            Priority: Major
>         Attachments: A.class
>
>
> The verifier throws a StringOutOfBoundsException in pass 2 when verifying a 
> malformed class file.  It seems that this is related with the constant pool 
> verifier assuming that method names are never empty.
>  
> *Steps to Reproduce:*
> Save the attached file as "example/A.class" and run:
> java -cp <classpath> org.apache.bcel.verifier.Verifier example.A
>  
> The class file was generated automatically by a fuzzing tool.
>  
> *Expected Output:*
> {{VERIFIED_REJECTED}}
>  
> *Observed Output:*
>  {{JustIce by Enver Haase, (C) 2001-2002.}}
> {{ <[http://bcel.sourceforge.net|http://bcel.sourceforge.net/]>}}
> {{ <[https://commons.apache.org/bcel]>}}
> {{Now verifying: example.A}}
> {{Pass 1:}}
> {{ VERIFIED_OK}}
> {{ Passed verification.}}
> {{Exception in thread "main" java.lang.StringIndexOutOfBoundsException: 
> String index out of range: 0}}
> {{ at java.lang.String.charAt(String.java:658)}}
> {{ at 
> org.apache.bcel.verifier.statics.Pass2Verifier.validJavaLangMethodName(Pass2Verifier.java:1458)}}
> {{ at 
> org.apache.bcel.verifier.statics.Pass2Verifier.validMethodName(Pass2Verifier.java:1432)}}
> {{ at 
> org.apache.bcel.verifier.statics.Pass2Verifier.access$300(Pass2Verifier.java:85)}}
> {{ at 
> org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.visitMethod(Pass2Verifier.java:624)}}
> {{ at org.apache.bcel.classfile.Method.accept(Method.java:108)}}
> {{ at 
> org.apache.bcel.classfile.DescendingVisitor.visitMethod(DescendingVisitor.java:158)}}
> {{ at org.apache.bcel.classfile.Method.accept(Method.java:108)}}
> {{ at 
> org.apache.bcel.classfile.DescendingVisitor.visitJavaClass(DescendingVisitor.java:98)}}
> {{ at org.apache.bcel.classfile.JavaClass.accept(JavaClass.java:213)}}
> {{ at 
> org.apache.bcel.classfile.DescendingVisitor.visit(DescendingVisitor.java:84)}}
> {{ at 
> org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:360)}}
> {{ at 
> org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:316)}}
> {{ at 
> org.apache.bcel.verifier.statics.Pass2Verifier.constant_pool_entries_satisfy_static_constraints(Pass2Verifier.java:301)}}
> {{ at 
> org.apache.bcel.verifier.statics.Pass2Verifier.do_verify(Pass2Verifier.java:160)}}
> {{ at org.apache.bcel.verifier.PassVerifier.verify(PassVerifier.java:70)}}
> {{ at org.apache.bcel.verifier.Verifier.doPass2(Verifier.java:75)}}
> {{ at org.apache.bcel.verifier.Verifier.verifyType(Verifier.java:221)}}
> {{ at org.apache.bcel.verifier.Verifier.main(Verifier.java:206)}}
>  
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to