On Fri, 26 Apr 2024 13:34:08 GMT, Adam Sotona wrote:
>> ClassFile API dives into the nested constant pool entries without type
>> restrictions, while parsing a class file. Validation of the entry is
>> performed post-parsing. Specifically corrupted constant pool entry may cause
>> infinite loo
> ClassFile API dives into the nested constant pool entries without type
> restrictions, while parsing a class file. Validation of the entry is
> performed post-parsing. Specifically corrupted constant pool entry may cause
> infinite loop during parsing and throws SOE.
> This patch resolves the
On Fri, 26 Apr 2024 07:43:01 GMT, Adam Sotona wrote:
>> ClassFile API dives into the nested constant pool entries without type
>> restrictions, while parsing a class file. Validation of the entry is
>> performed post-parsing. Specifically corrupted constant pool entry may cause
>> infinite loo
On Thu, 25 Apr 2024 20:16:09 GMT, Paul Sandoz wrote:
> It could be two tags, a lower and upper bound, because TAG_FIELDREF,
> TAG_METHODREF, and TAG_INTERFACEMETHODREF are consecutive values (9 to 11).
OK, I've implemented it with lower and upper bound tags. Thanks!
-
PR Comment:
> ClassFile API dives into the nested constant pool entries without type
> restrictions, while parsing a class file. Validation of the entry is
> performed post-parsing. Specifically corrupted constant pool entry may cause
> infinite loop during parsing and throws SOE.
> This patch resolves the
On Thu, 25 Apr 2024 00:51:41 GMT, Adam Sotona wrote:
> Unfortunately it would have to be an expected tags list or an extra
> constructed bit mask, due to the multiple tags allowed for MemberRefEntry and
> it would slightly affect the performance.
Ah yes, i missed that. It could be two tags, a
On Wed, 24 Apr 2024 21:52:11 GMT, Paul Sandoz wrote:
> Rather than duplicating some checks I wonder if it is possible to add a
> private method `entryByIndex(int index, int expectedTag)` that the existing
> `entryByIndex` defers to. If the `expectedTag` is non-negative then it checks
> `tag` a
On Tue, 23 Apr 2024 07:39:47 GMT, Adam Sotona wrote:
> ClassFile API dives into the nested constant pool entries without type
> restrictions, while parsing a class file. Validation of the entry is
> performed post-parsing. Specifically corrupted constant pool entry may cause
> infinite loop du
ClassFile API dives into the nested constant pool entries without type
restrictions, while parsing a class file. Validation of the entry is performed
post-parsing. Specifically corrupted constant pool entry may cause infinite
loop during parsing and throws SOE.
This patch resolves the issue by p
