This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-bcel.git
The following commit(s) were added to refs/heads/master by this push:
new 82de5396 Fix oss-fuzz 51980
82de5396 is described below
commit 82de5396e26f4ddc22545057bcd7aac589797452
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Nov 15 13:49:32 2022 +0000
Fix oss-fuzz 51980
Ensure Code attributes with invalid sizes trigger a
ClassFormatException.
---
src/changes/changes.xml | 5 +++--
src/main/java/org/apache/bcel/classfile/Code.java | 3 +++
src/test/java/org/apache/bcel/OssFuzzTestCase.java | 5 +++++
src/test/resources/ossfuzz/issue51980/Test.class | Bin 0 -> 54 bytes
4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 17d6a984..05648e94 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -70,8 +70,9 @@ The <action> type attribute can be add,update,fix,remove.
<action type="fix" dev="ggregory" due-to="Mark Roberts,
Gary Gregory">Fix code duplication in
org.apache.bcel.verifier.structurals.ExceptionHandlers.ExceptionHandlers(MethodGen).</action>
<action type="fix" dev="ggregory" due-to="Sam Ng, Gary
Gregory">Improve test coverage to bcel/generic and UtilityTest #162.</action>
<action type="fix" dev="ggregory" due-to="nbauma109,
Gary Gregory">Code coverage and unit tests on the verifier #166.</action>
- <action type="fix" dev="markt"
due-to="OSS-Fuzz">References to constant pool entries that are not of the
expected type should throw ClassFormatException, not ClassCastException</action>
- <action type="fix" dev="markt" due-to="OSS-Fuzz">When
parsing an invalid class, ensure ClassParser.parse() throws
ClassFormatException, not IllegalArgumentException</action>
+ <action type="fix" dev="markt"
due-to="OSS-Fuzz">References to constant pool entries that are not of the
expected type should throw ClassFormatException, not
ClassCastException.</action>
+ <action type="fix" dev="markt" due-to="OSS-Fuzz">When
parsing an invalid class, ensure ClassParser.parse() throws
ClassFormatException, not IllegalArgumentException.</action>
+ <action type="fix" dev="markt" due-to="OSS-Fuzz">Ensure
Code attributes with invalid sizes trigger a ClassFormatException.</action>
<!-- UPDATE -->
<action type="update" dev="ggregory" due-to="Gary
Gregory">Bump spotbugs-maven-plugin from 4.7.2.2 to 4.7.3.0 #167.</action>
</release>
diff --git a/src/main/java/org/apache/bcel/classfile/Code.java
b/src/main/java/org/apache/bcel/classfile/Code.java
index 4fe0fd0f..6afb44f9 100644
--- a/src/main/java/org/apache/bcel/classfile/Code.java
+++ b/src/main/java/org/apache/bcel/classfile/Code.java
@@ -63,6 +63,9 @@ public final class Code extends Attribute {
// Initialize with some default values which will be overwritten later
this(nameIndex, length, file.readUnsignedShort(),
file.readUnsignedShort(), (byte[]) null, (CodeException[]) null, (Attribute[])
null, constantPool);
final int codeLength = file.readInt();
+ if (codeLength < 1 || codeLength > 65535) {
+ throw new ClassFormatException("Invalid length " + codeLength + "
for Code attribute. Must be greater than zero and less than 65536.");
+ }
code = new byte[codeLength]; // Read byte code
file.readFully(code);
/*
diff --git a/src/test/java/org/apache/bcel/OssFuzzTestCase.java
b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
index 0df9fc97..dacf64f6 100644
--- a/src/test/java/org/apache/bcel/OssFuzzTestCase.java
+++ b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
@@ -27,6 +27,11 @@ import org.junit.jupiter.api.Test;
public class OssFuzzTestCase {
+ @Test
+ public void testIssue51980() throws Exception {
+ testOssFuzzReproducer("51980");
+ }
+
@Test
public void testIssue51989() throws Exception {
testOssFuzzReproducer("51989");
diff --git a/src/test/resources/ossfuzz/issue51980/Test.class
b/src/test/resources/ossfuzz/issue51980/Test.class
new file mode 100644
index 00000000..314e0945
Binary files /dev/null and b/src/test/resources/ossfuzz/issue51980/Test.class
differ
