Verifier throws OOB on malformed input instead of reporting verification failure.

Steps to reproduce:

 

Save the attached file as "Hello.class" and run:

java -cp <classpath> org.apache.bcel.verifier.Verifier Hello

 

The file Hello.class was generated automatically by the fuzzer JQF (https://github.com/rohanpadhye/jqf).

Expected output:

VERIFIED_REJECTED

Observed output:

JustIce by Enver Haase, (C) 2001-2002.

<http://bcel.sourceforge.net>

<http://commons.apache.org/bcel>

 

Now verifying: Hello

 

Pass 1:

VERIFIED_OK

Passed verification.

 

Pass 2:

VERIFIED_OK

Passed verification.

 

Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -73

at org.apache.bcel.Const.getTypeName(Const.java:1799)

at org.apache.bcel.generic.NEWARRAY.toString(NEWARRAY.java:90)

at org.apache.bcel.generic.Instruction.toString(Instruction.java:101)

at java.lang.String.valueOf(String.java:2994)

at java.lang.StringBuilder.append(StringBuilder.java:131)

at org.apache.bcel.verifier.statics.Pass3aVerifier$InstOperandConstraintVisitor.constraintViolated(Pass3aVerifier.java:499)

at org.apache.bcel.verifier.statics.Pass3aVerifier$InstOperandConstraintVisitor.visitNEWARRAY(Pass3aVerifier.java:835)

at org.apache.bcel.generic.NEWARRAY.accept(NEWARRAY.java:125)

at org.apache.bcel.generic.InstructionHandle.accept(InstructionHandle.java:302)

at org.apache.bcel.verifier.statics.Pass3aVerifier.pass3StaticInstructionOperandsChecks(Pass3aVerifier.java:443)

at org.apache.bcel.verifier.statics.Pass3aVerifier.do_verify(Pass3aVerifier.java:208)

at org.apache.bcel.verifier.PassVerifier.verify(PassVerifier.java:71)

at org.apache.bcel.verifier.Verifier.doPass3a(Verifier.java:8