This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-bcel.git
The following commit(s) were added to refs/heads/master by this push: new 26a730fa Fix oss-fuzz issue 52168 26a730fa is described below commit 26a730fa81e0f54833cdea4dcc4310bf172323d5 Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Nov 15 09:43:56 2022 +0000 Fix oss-fuzz issue 52168 References to constant pool entries that are not of the expected type should throw ClassFormatException, not ClassCastException --- src/changes/changes.xml | 1 + .../org/apache/bcel/classfile/ConstantPool.java | 6 ++- src/test/java/org/apache/bcel/OssFuzzTestCase.java | 43 +++++++++++++++++++++ src/test/resources/ossfuzz/issue52168/Test.class | Bin 0 -> 61 bytes 4 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 190f8685..b890402a 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -68,6 +68,7 @@ The <action> type attribute can be add,update,fix,remove.
 <action type="fix" dev="ggregory" due-to="Mark Roberts, Gary Gregory">Fix code duplication in org.apache.bcel.verifier.structurals.ExceptionHandlers.ExceptionHandlers(MethodGen).</action>
 <action type="fix" dev="ggregory" due-to="Sam Ng, Gary Gregory">Improve test coverage to bcel/generic and UtilityTest #162.</action>
 <action type="fix" dev="ggregory" due-to="nbauma109, Gary Gregory">Code coverage and unit tests on the verifier #166.</action>
+ <action type="fix" dev="markt" due-to="OSS-Fuzz">References to constant pool entries that are not of the expected type should throw ClassFormatException, not ClassCastException</action>
 <!-- UPDATE -->
 <action type="update" dev="ggregory" due-to="Gary Gregory">Bump spotbugs-maven-plugin from 4.7.2.2 to 4.7.3.0 #167.</action>
 </release>
diff --git a/src/main/java/org/apache/bcel/classfile/ConstantPool.java b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
index 48166834..05bf8674 100644
--- a/src/main/java/org/apache/bcel/classfile/ConstantPool.java
+++ b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
@@ -301,8 +301,12 @@ public class ConstantPool implements Cloneable, Node, Iterable<Constant> {
 */
 public <T extends Constant> T getConstant(final int index, final Class<T> castTo) throws ClassFormatException {
 if (index >= constantPool.length || index < 0) {
- throw new ClassFormatException("Invalid constant pool reference: " + index + ". Constant pool size is: " + constantPool.length);
+ throw new ClassFormatException("Invalid constant pool reference using index: " + index + ". Constant pool size is: " + constantPool.length);
 }
+ if (constantPool[index] != null && !castTo.isAssignableFrom(constantPool[index].getClass())) {
+ throw new ClassFormatException("Invalid constant pool reference at index: " + index + ". Expected " + castTo + " but was " + constantPool[index].getClass());
+ }
+ // Previous check ensures this won't throw a ClassCastException
 final T c = castTo.cast(constantPool[index]);
 if (c == null
 // the 0th element is always null
diff --git a/src/test/java/org/apache/bcel/OssFuzzTestCase.java b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
new file mode 100644
index 00000000..69974e67
--- /dev/null
+++ b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
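Review bot: The added guard deliberately lets null entries through via `constantPool[index] != null`, so a null slot still reaches `castTo.cast(null)` and is left to the `c == null` branch that starts at the bottom of the hunk (its `index != 0` handling continues outside it); a one-line comment on the guard saying why null is passed through — the 0th slot, and presumably the unused slot that follows a CONSTANT_Long/Double — would stop the next reader from "fixing" it into a throw. The guard itself could use the JDK idiom `if (constantPool[index] != null && !castTo.isInstance(constantPool[index])) {`, which is equivalent to `isAssignableFrom(getClass())` on a non-null value and reads more directly. The method's Javadoc, of which only the closing ` */` is visible here, should gain `@throws ClassFormatException if the index is out of range or the entry is not of type {@code castTo}` now that a type mismatch is reported this way. This only hardens callers that go through the typed accessor; any remaining direct `(ConstantXxx)` casts on entries fetched by an untyped `getConstant(int)` would presumably still surface as ClassCastException on a malformed class file and are worth a grep.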
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.bcel;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.io.File;
+import java.io.FileInputStream;
+
+import org.apache.bcel.classfile.ClassFormatException;
+import org.apache.bcel.classfile.ClassParser;
+import org.junit.jupiter.api.Test;
+
+public class OssFuzzTestCase {
+
+ @Test
+ public void testIssue52168() throws Exception {
+ testOssFuzzReproducer("52168");
+ }
+
+
+ private void testOssFuzzReproducer(String issue) throws Exception {
+ File reproducerFile = new File("target/test-classes/ossfuzz/issue" + issue + "/Test.class");
+ FileInputStream reproducerInputStream = new FileInputStream(reproducerFile);
+
+ ClassParser cp = new ClassParser(reproducerInputStream, "Test");
+ assertThrows(ClassFormatException.class, () -> cp.parse());
+ }
+}
diff --git a/src/test/resources/ossfuzz/issue52168/Test.class b/src/test/resources/ossfuzz/issue52168/Test.class
new file mode 100644
index 00000000..e92207bc
Binary files /dev/null and b/src/test/resources/ossfuzz/issue52168/Test.class differ
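Review bot: `reproducerInputStream` in `testOssFuzzReproducer` is opened with `new FileInputStream(reproducerFile)` and never closed, so every reproducer added to this class leaks a file handle for the rest of the test JVM; wrapping it in try-with-resources fixes that and lets the lambda become `cp::parse`. The hard-coded `target/test-classes/...` path also ties the test to the working directory being the module root; loading the reproducer with `getClass().getResourceAsStream("/ossfuzz/issue" + issue + "/Test.class")` would make it independent of where the JVM is launched, assuming the resources directory is on the test classpath as the Maven layout suggests. A small style point: there are two blank lines between the methods where the file otherwise uses one, and `issue` could be `final` to match the `final` style used in ConstantPool.
```java
    private void testOssFuzzReproducer(final String issue) throws Exception {
        final File reproducerFile = new File("target/test-classes/ossfuzz/issue" + issue + "/Test.class");
        // try-with-resources: the stream is closed even if the assertion fails
        try (FileInputStream reproducerInputStream = new FileInputStream(reproducerFile)) {
            final ClassParser cp = new ClassParser(reproducerInputStream, "Test");
            assertThrows(ClassFormatException.class, cp::parse);
        }
    }
```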