Description
Verifier throws ClassCastException on malformed input instead of reporting verification failure.
Steps to reproduce:
Save the attached file as "Hello.class" and run:
java -cp <classpath> org.apache.bcel.verifier.Verifier Hello
The file Hello.class was generated automatically by the fuzzer JQF (https://github.com/rohanpadhye/jqf).
Expected output:
VERIFIED_REJECTED
Observed output:
JustIce by Enver Haase, (C) 2001-2002.
<http://commons.apache.org/bcel>
Now verifying: Hello
Pass 1:
VERIFIED_OK
Passed verification.
Exception in thread "main" java.lang.ClassCastException: Illegal constant 'CONSTANT_Class[7](name_index = 21)' at index '5'. '<<Method>>' expects a 'class org.apache.bcel.classfile.ConstantUtf8'.
at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.checkIndex(Pass2Verifier.java:372)
at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.visitMethod(Pass2Verifier.java:622)
at org.apache.bcel.classfile.Method.accept(Method.java:108)
at org.apache.bcel.classfile.DescendingVisitor.visitMethod(DescendingVisitor.java:159)
at org.apache.bcel.classfile.Method.accept(Method.java:108)
at org.apache.bcel.classfile.DescendingVisitor.visitJavaClass(DescendingVisitor.java:99)
at org.apache.bcel.classfile.JavaClass.accept(JavaClass.java:213)
at org.apache.bcel.classfile.DescendingVisitor.visit(DescendingVisitor.java:85)
at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:361)
at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:317)
at org.apache.bcel.verifier.statics.Pass2Verifier.constant_pool_entries_satisfy_static_constraints(Pass2Verifier.java:302)
at org.apache.bcel.verifier.statics.Pass2Verifier.do_verify(Pass2Verifier.java:161)
at org.apache.bcel.verifier.PassVerifier.verify(PassVerifier.java:71)
at org.apache.bcel.verifier.Verifier.doPass2(Verifier.java:76)
at org.apache.bcel.verifier.Verifier.main(Verifier.java:211)