Description
The verifier throws a StringOutOfBoundsException in pass 2 when verifying a malformed class file. It seems that this is related with the constant pool verifier assuming that method names are never empty.
Steps to Reproduce:
Save the attached file as "example/A.class" and run:
java -cp <classpath> org.apache.bcel.verifier.Verifier example.A
The class file was generated automatically by a fuzzing tool.
Expected Output:
VERIFIED_REJECTED
Observed Output:
JustIce by Enver Haase, (C) 2001-2002.
{{ <http://bcel.sourceforge.net>}}
{{ <https://commons.apache.org/bcel>}}
Now verifying: example.A
Pass 1:
{{ VERIFIED_OK}}
{{ Passed verification.}}
Exception in thread "main" java.lang.StringIndexOutOfBoundsException: String index out of range: 0
{{ at java.lang.String.charAt(String.java:658)}}
{{ at org.apache.bcel.verifier.statics.Pass2Verifier.validJavaLangMethodName(Pass2Verifier.java:1458)}}
{{ at org.apache.bcel.verifier.statics.Pass2Verifier.validMethodName(Pass2Verifier.java:1432)}}
{{ at org.apache.bcel.verifier.statics.Pass2Verifier.access$300(Pass2Verifier.java:85)}}
{{ at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.visitMethod(Pass2Verifier.java:624)}}
{{ at org.apache.bcel.classfile.Method.accept(Method.java:108)}}
{{ at org.apache.bcel.classfile.DescendingVisitor.visitMethod(DescendingVisitor.java:158)}}
{{ at org.apache.bcel.classfile.Method.accept(Method.java:108)}}
{{ at org.apache.bcel.classfile.DescendingVisitor.visitJavaClass(DescendingVisitor.java:98)}}
{{ at org.apache.bcel.classfile.JavaClass.accept(JavaClass.java:213)}}
{{ at org.apache.bcel.classfile.DescendingVisitor.visit(DescendingVisitor.java:84)}}
{{ at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:360)}}
{{ at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:316)}}
{{ at org.apache.bcel.verifier.statics.Pass2Verifier.constant_pool_entries_satisfy_static_constraints(Pass2Verifier.java:301)}}
{{ at org.apache.bcel.verifier.statics.Pass2Verifier.do_verify(Pass2Verifier.java:160)}}
{{ at org.apache.bcel.verifier.PassVerifier.verify(PassVerifier.java:70)}}
{{ at org.apache.bcel.verifier.Verifier.doPass2(Verifier.java:75)}}
{{ at org.apache.bcel.verifier.Verifier.verifyType(Verifier.java:221)}}
{{ at org.apache.bcel.verifier.Verifier.main(Verifier.java:206)}}