rootvector2 opened a new pull request, #505: URL: https://github.com/apache/commons-bcel/pull/505
`ConstantDynamic(DataInput)` reads `bootstrap_method_attr_index` and `name_and_type_index` with `readShort()`, so a `CONSTANT_Dynamic` entry whose index is `0x8000` or higher in an untrusted class sign-extends to a negative value that `getBootstrapMethodAttrIndex()`/`getNameAndTypeIndex()` then hand back as a constant-pool index. Both fields are u2 and the sibling `ConstantInvokeDynamic` already reads them with `readUnsignedShort()`. Found while sweeping the constant-pool parsers for signed reads of unsigned operands; switch the two reads to `readUnsignedShort()` to match. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
