[jira] [Commented] (BCEL-307) ClassFormatException thrown in Pass 3A verification

Wed, 16 Mar 2022 09:28:05 -0700 


    [ 
https://issues.apache.org/jira/browse/BCEL-307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17507716#comment-17507716
 ] 

Mark Roberts commented on BCEL-307:
-----------------------------------

Fixed with https://github.com/apache/commons-bcel/pull/117

> ClassFormatException thrown in Pass 3A verification
> ---------------------------------------------------
>
>                 Key: BCEL-307
>                 URL: https://issues.apache.org/jira/browse/BCEL-307
>             Project: Commons BCEL
>          Issue Type: Bug
>          Components: Verifier
>    Affects Versions: 6.2
>            Reporter: Rohan Padhye
>            Priority: Major
>         Attachments: A.class
>
>
> The verifier throws a ClassFormatException during Pass 3A verification of a 
> malformed class file even though Pass 1 and Pass 2 have completed 
> successfully.
> Note that the input class file is indeed malformed, however the verifier 
> should ideally just return a verification result of REJECTED instead of 
> throwing an unchecked run-time exception.
> h1. Steps to reproduce:
>  
> Save the attached file as "example/A.class" and run:
> java -cp <classpath> org.apache.bcel.verifier.Verifier example.A
>  
> The file A.class was generated automatically by the fuzzer JQF 
> ([https://github.com/rohanpadhye/jqf]).
> h2. Expected output:
> VERIFIED_REJECTED
> h2. Observed output:
> JustIce by Enver Haase, (C) 2001-2002.
> <http://bcel.sourceforge.net>
> <http://commons.apache.org/bcel>
>  
> Now verifying: example.A
>  
> Pass 1:
> VERIFIED_OK
> Passed verification.
>  
> Pass 2:
> VERIFIED_OK
> Passed verification.
>  
> Exception in thread "main" org.apache.bcel.classfile.ClassFormatException: 
> Expected class `CONSTANT_InvokeDynamic' at index 14 and got 
> CONSTANT_Methodref[10](class_index = 13, name_and_type_index = 11)
>  at org.apache.bcel.classfile.ConstantPool.getConstant(ConstantPool.java:261)
>  at 
> org.apache.bcel.classfile.ConstantPool.constantToString(ConstantPool.java:207)
>  at org.apache.bcel.classfile.Utility.codeToString(Utility.java:373)
>  at org.apache.bcel.classfile.Utility.codeToString(Utility.java:157)
>  at org.apache.bcel.classfile.Code.toString(Code.java:306)
>  at org.apache.bcel.classfile.Code.toString(Code.java:328)
>  at java.lang.String.valueOf(String.java:2994)
>  at java.lang.StringBuilder.append(StringBuilder.java:131)
>  at 
> org.apache.bcel.verifier.statics.Pass3aVerifier.delayedPass2Checks(Pass3aVerifier.java:289)
>  at 
> org.apache.bcel.verifier.statics.Pass3aVerifier.do_verify(Pass3aVerifier.java:200)
>  at org.apache.bcel.verifier.PassVerifier.verify(PassVerifier.java:71)
>  at org.apache.bcel.verifier.Verifier.doPass3a(Verifier.java:89)
>  at org.apache.bcel.verifier.Verifier.main(Verifier.java:216)
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to