[jira] [Created] (BCEL-337) StringIndexOutOfBounds in Pass 2 Verification of empty method names in the constant pool

Wed, 06 May 2020 16:14:26 -0700 

Luís Pina created BCEL-337:
------------------------------

             Summary: StringIndexOutOfBounds in Pass 2 Verification of empty 
method names in the constant pool
                 Key: BCEL-337
                 URL: https://issues.apache.org/jira/browse/BCEL-337
             Project: Commons BCEL
          Issue Type: Bug
          Components: Verifier
    Affects Versions: 6.4.1
            Reporter: Luís Pina
         Attachments: A.class

The verifier throws a StringOutOfBoundsException in pass 2 when verifying a 
malformed class file.  It seems that this is related with the constant pool 
verifier assuming that method names are never empty.

 

*Steps to Reproduce:*

Save the attached file as "example/A.class" and run:

java -cp <classpath> org.apache.bcel.verifier.Verifier example.A

 

The class file was generated automatically by a fuzzing tool.

 

*Expected Output:*

{{VERIFIED_REJECTED}}

 

*Observed Output:*
 {{JustIce by Enver Haase, (C) 2001-2002.}}
{{ <[http://bcel.sourceforge.net|http://bcel.sourceforge.net/]>}}
{{ <[https://commons.apache.org/bcel]>}}

{{Now verifying: example.A}}

{{Pass 1:}}
{{ VERIFIED_OK}}
{{ Passed verification.}}

{{Exception in thread "main" java.lang.StringIndexOutOfBoundsException: String 
index out of range: 0}}
{{ at java.lang.String.charAt(String.java:658)}}
{{ at 
org.apache.bcel.verifier.statics.Pass2Verifier.validJavaLangMethodName(Pass2Verifier.java:1458)}}
{{ at 
org.apache.bcel.verifier.statics.Pass2Verifier.validMethodName(Pass2Verifier.java:1432)}}
{{ at 
org.apache.bcel.verifier.statics.Pass2Verifier.access$300(Pass2Verifier.java:85)}}
{{ at 
org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.visitMethod(Pass2Verifier.java:624)}}
{{ at org.apache.bcel.classfile.Method.accept(Method.java:108)}}
{{ at 
org.apache.bcel.classfile.DescendingVisitor.visitMethod(DescendingVisitor.java:158)}}
{{ at org.apache.bcel.classfile.Method.accept(Method.java:108)}}
{{ at 
org.apache.bcel.classfile.DescendingVisitor.visitJavaClass(DescendingVisitor.java:98)}}
{{ at org.apache.bcel.classfile.JavaClass.accept(JavaClass.java:213)}}
{{ at 
org.apache.bcel.classfile.DescendingVisitor.visit(DescendingVisitor.java:84)}}
{{ at 
org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:360)}}
{{ at 
org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:316)}}
{{ at 
org.apache.bcel.verifier.statics.Pass2Verifier.constant_pool_entries_satisfy_static_constraints(Pass2Verifier.java:301)}}
{{ at 
org.apache.bcel.verifier.statics.Pass2Verifier.do_verify(Pass2Verifier.java:160)}}
{{ at org.apache.bcel.verifier.PassVerifier.verify(PassVerifier.java:70)}}
{{ at org.apache.bcel.verifier.Verifier.doPass2(Verifier.java:75)}}
{{ at org.apache.bcel.verifier.Verifier.verifyType(Verifier.java:221)}}
{{ at org.apache.bcel.verifier.Verifier.main(Verifier.java:206)}}

 

 

 

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to