This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-bcel.git
The following commit(s) were added to refs/heads/master by this push:
new de5c093a org.apache.bcel.classfile.ConstantValue constructors now
throw ClassFormatException on invalid length input
de5c093a is described below
commit de5c093a8eadcb2b1b18547ba3785d60ac1c64c0
Author: Gary David Gregory (Code signing key) <ggreg...@apache.org>
AuthorDate: Tue Nov 15 11:21:35 2022 -0500
org.apache.bcel.classfile.ConstantValue constructors now throw
ClassFormatException on invalid length input
---
src/changes/changes.xml | 1 +
.../org/apache/bcel/classfile/ConstantValue.java | 3 ++-
src/main/java/org/apache/bcel/util/Args.java | 20 ++++++++++++++++----
3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index f0b8a76b..79fc98e9 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -75,6 +75,7 @@ The <action> type attribute can be add,update,fix,remove.
<action type="fix" dev="markt" due-to="OSS-Fuzz">Ensure
Code attributes with invalid sizes trigger a ClassFormatException.</action>
<action type="fix" dev="ggregory" due-to="Gary
Gregory">org.apache.bcel.classfile.Deprecated constructors now throw
ClassFormatException on invalid length input.</action>
<action type="fix" dev="ggregory" due-to="Gary
Gregory">org.apache.bcel.classfile.Attribute constructors now throw
ClassFormatException on invalid name index input.</action>
+ <action type="fix" dev="ggregory" due-to="Gary
Gregory">org.apache.bcel.classfile.ConstantValue constructors now throw
ClassFormatException on invalid length input.</action>
<!-- UPDATE -->
<action type="update" dev="ggregory" due-to="Gary
Gregory">Bump spotbugs-maven-plugin from 4.7.2.2 to 4.7.3.0 #167.</action>
</release>
diff --git a/src/main/java/org/apache/bcel/classfile/ConstantValue.java
b/src/main/java/org/apache/bcel/classfile/ConstantValue.java
index 00b06507..50058ba5 100644
--- a/src/main/java/org/apache/bcel/classfile/ConstantValue.java
+++ b/src/main/java/org/apache/bcel/classfile/ConstantValue.java
@@ -21,6 +21,7 @@ import java.io.DataOutputStream;
import java.io.IOException;
import org.apache.bcel.Const;
+import org.apache.bcel.util.Args;
/**
* This class is derived from <em>Attribute</em> and represents a constant
value, i.e., a default value for initializing
@@ -60,7 +61,7 @@ public final class ConstantValue extends Attribute {
* @param constantPool Array of constants
*/
public ConstantValue(final int nameIndex, final int length, final int
constantValueIndex, final ConstantPool constantPool) {
- super(Const.ATTR_CONSTANT_VALUE, nameIndex, length, constantPool);
+ super(Const.ATTR_CONSTANT_VALUE, nameIndex, Args.require(2, length,
"Invalid constant value attribute length"), constantPool);
this.constantValueIndex = constantValueIndex;
}
diff --git a/src/main/java/org/apache/bcel/util/Args.java
b/src/main/java/org/apache/bcel/util/Args.java
index 7b85e885..ae654487 100644
--- a/src/main/java/org/apache/bcel/util/Args.java
+++ b/src/main/java/org/apache/bcel/util/Args.java
@@ -27,6 +27,21 @@ import org.apache.bcel.classfile.ClassFormatException;
*/
public class Args {
+ /**
+ * Requires a specific value.
+ *
+ * @param value The value to test.
+ * @param required The required value.
+ * @param message The message prefix
+ * @return The value to test.
+ */
+ public static int require(final int value, final int required, final
String message) {
+ if (value != required) {
+ throw new ClassFormatException(String.format("%s [Value must be 0:
%,d]", message, value));
+ }
+ return value;
+ }
+
/**
* Requires a non-0 value.
*
@@ -35,10 +50,7 @@ public class Args {
* @return The value to test.
*/
public static int require0(final int value, final String message) {
- if (value != 0) {
- throw new ClassFormatException(String.format("%s [Value must be 0:
%,d]", message, value));
- }
- return value;
+ return require(value, 0, message);
}
/**
