Uploaded image for project: 'Commons BCEL'
  1. Commons BCEL
  2. BCEL-337

StringIndexOutOfBounds in Pass 2 Verification of empty method names in the constant pool

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 6.4.1
    • 6.8.0
    • Verifier
    • None

    Description

      The verifier throws a StringOutOfBoundsException in pass 2 when verifying a malformed class file.  It seems that this is related with the constant pool verifier assuming that method names are never empty.

       

      Steps to Reproduce:

      Save the attached file as "example/A.class" and run:

      java -cp <classpath> org.apache.bcel.verifier.Verifier example.A

       

      The class file was generated automatically by a fuzzing tool.

       

      Expected Output:

      VERIFIED_REJECTED

       

      Observed Output:
      JustIce by Enver Haase, (C) 2001-2002.
      {{ <http://bcel.sourceforge.net>}}
      {{ <https://commons.apache.org/bcel>}}

      Now verifying: example.A

      Pass 1:
      {{ VERIFIED_OK}}
      {{ Passed verification.}}

      Exception in thread "main" java.lang.StringIndexOutOfBoundsException: String index out of range: 0
      {{ at java.lang.String.charAt(String.java:658)}}
      {{ at org.apache.bcel.verifier.statics.Pass2Verifier.validJavaLangMethodName(Pass2Verifier.java:1458)}}
      {{ at org.apache.bcel.verifier.statics.Pass2Verifier.validMethodName(Pass2Verifier.java:1432)}}
      {{ at org.apache.bcel.verifier.statics.Pass2Verifier.access$300(Pass2Verifier.java:85)}}
      {{ at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.visitMethod(Pass2Verifier.java:624)}}
      {{ at org.apache.bcel.classfile.Method.accept(Method.java:108)}}
      {{ at org.apache.bcel.classfile.DescendingVisitor.visitMethod(DescendingVisitor.java:158)}}
      {{ at org.apache.bcel.classfile.Method.accept(Method.java:108)}}
      {{ at org.apache.bcel.classfile.DescendingVisitor.visitJavaClass(DescendingVisitor.java:98)}}
      {{ at org.apache.bcel.classfile.JavaClass.accept(JavaClass.java:213)}}
      {{ at org.apache.bcel.classfile.DescendingVisitor.visit(DescendingVisitor.java:84)}}
      {{ at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:360)}}
      {{ at org.apache.bcel.verifier.statics.Pass2Verifier$CPESSC_Visitor.<init>(Pass2Verifier.java:316)}}
      {{ at org.apache.bcel.verifier.statics.Pass2Verifier.constant_pool_entries_satisfy_static_constraints(Pass2Verifier.java:301)}}
      {{ at org.apache.bcel.verifier.statics.Pass2Verifier.do_verify(Pass2Verifier.java:160)}}
      {{ at org.apache.bcel.verifier.PassVerifier.verify(PassVerifier.java:70)}}
      {{ at org.apache.bcel.verifier.Verifier.doPass2(Verifier.java:75)}}
      {{ at org.apache.bcel.verifier.Verifier.verifyType(Verifier.java:221)}}
      {{ at org.apache.bcel.verifier.Verifier.main(Verifier.java:206)}}

       

       

       

       

      Attachments

        1. A.class
          0.2 kB
          Luís Pina

        Activity

          People

            Unassigned Unassigned
            luispina Luís Pina
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: