Uploaded image for project: 'Commons BCEL'
  1. Commons BCEL
  2. BCEL-311

ClassCastException in Verifier Pass 2

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 6.2
    • None
    • Verifier
    • None

    Description

      Verifier throws ClassCastException on malformed input instead of reporting verification failure.

      Steps to reproduce:

       

      Save the attached file as "Hello.class" and run:

      java -cp <classpath> org.apache.bcel.verifier.Verifier Hello

       

      The file Hello.class was generated automatically by the fuzzer JQF (https://github.com/rohanpadhye/jqf).

      Expected output:

      VERIFIED_REJECTED

      Observed output:

      JustIce by Enver Haase, (C) 2001-2002.

      <http://bcel.sourceforge.net>

      <http://commons.apache.org/bcel>

       

      Now verifying: Hello

       

      Pass 1:

      VERIFIED_OK

      Passed verification.

       

      Exception in thread "main" java.lang.ClassCastException: Illegal constant 'CONSTANT_Class[7](name_index = 21)' at index '5'. '<<Method>>' expects a 'class org.apache.bcel.classfile.ConstantUtf8'.

      at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.checkIndex(Pass2Verifier.java:372)

      at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.visitMethod(Pass2Verifier.java:622)

      at org.apache.bcel.classfile.Method.accept(Method.java:108)

      at org.apache.bcel.classfile.DescendingVisitor.visitMethod(DescendingVisitor.java:159)

      at org.apache.bcel.classfile.Method.accept(Method.java:108)

      at org.apache.bcel.classfile.DescendingVisitor.visitJavaClass(DescendingVisitor.java:99)

      at org.apache.bcel.classfile.JavaClass.accept(JavaClass.java:213)

      at org.apache.bcel.classfile.DescendingVisitor.visit(DescendingVisitor.java:85)

      at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:361)

      at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:317)

      at org.apache.bcel.verifier.statics.Pass2Verifier.constant_pool_entries_satisfy_static_constraints(Pass2Verifier.java:302)

      at org.apache.bcel.verifier.statics.Pass2Verifier.do_verify(Pass2Verifier.java:161)

      at org.apache.bcel.verifier.PassVerifier.verify(PassVerifier.java:71)

      at org.apache.bcel.verifier.Verifier.doPass2(Verifier.java:76)

      at org.apache.bcel.verifier.Verifier.main(Verifier.java:211)

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            rohanpadhye Rohan Padhye

            Dates

              Created:
              Updated:

              Slack

                Issue deployment