[commons-bcel] branch master updated: Avoid NPE and return more useful ClassFormatException

Tue, 06 Dec 2022 04:25:52 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-bcel.git


The following commit(s) were added to refs/heads/master by this push:
     new 50afad50 Avoid NPE and return more useful ClassFormatException
50afad50 is described below

commit 50afad507710b27c31aa192abc9ba026b663935c
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Dec 6 12:25:39 2022 +0000

    Avoid NPE and return more useful ClassFormatException
---
 src/changes/changes.xml                                   |   6 ++++++
 src/main/java/org/apache/bcel/classfile/ConstantPool.java |   2 +-
 src/test/java/org/apache/bcel/OssFuzzTestCase.java        |   5 +++++
 src/test/resources/ossfuzz/issue53676/Test.class          | Bin 0 -> 26 bytes
 4 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 963c90b6..5a2afe36 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -62,6 +62,12 @@ The <action> type attribute can be add,update,fix,remove.
    -->
 
   <body>
+    <release version="6.7.1" date="TBD" description="Maintenance and bug fix 
release.">
+      <!-- ADD -->
+      <!-- FIX -->
+      <action                  type="fix" dev="markt" due-to="OSS-Fuzz">When 
parsing an class with an invalid constant reference, ensure ClassParser.parse() 
throws ClassFormatException, not NullPointerException.</action>
+      <!-- UPDATE -->
+    </release>
     <release version="6.7.0" date="2022-11-28" description="Maintenance and 
bug fix release.">
       <!-- ADD -->
       <action                  type="add" dev="ggregory" due-to="Gary 
Gregory">Add 
org.apache.bcel.classfile.ClassFormatException.ClassFormatException(Throwable).</action>
diff --git a/src/main/java/org/apache/bcel/classfile/ConstantPool.java 
b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
index 2ccabe01..b88ef0db 100644
--- a/src/main/java/org/apache/bcel/classfile/ConstantPool.java
+++ b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
@@ -282,7 +282,7 @@ public class ConstantPool implements Cloneable, Node, 
Iterable<Constant> {
      */
     public <T extends Constant> T getConstant(final int index, final byte tag, 
final Class<T> castTo) throws ClassFormatException {
         final T c = getConstant(index);
-        if (c.getTag() != tag) {
+        if (c == null || c.getTag() != tag) {
             throw new ClassFormatException("Expected class '" + 
Const.getConstantName(tag) + "' at index " + index + " and got " + c);
         }
         return c;
diff --git a/src/test/java/org/apache/bcel/OssFuzzTestCase.java 
b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
index ed012989..548a0110 100644
--- a/src/test/java/org/apache/bcel/OssFuzzTestCase.java
+++ b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
@@ -61,6 +61,11 @@ public class OssFuzzTestCase {
         testOssFuzzReproducer("53620");
     }
 
+    @Test
+    public void testIssue53676() throws Exception {
+        testOssFuzzReproducer("53676");
+    }
+
     private void testOssFuzzReproducer(final String issue) throws Exception {
         final File reproducerFile = new 
File("target/test-classes/ossfuzz/issue" + issue + "/Test.class");
         try (final FileInputStream reproducerInputStream = new 
FileInputStream(reproducerFile)) {
diff --git a/src/test/resources/ossfuzz/issue53676/Test.class 
b/src/test/resources/ossfuzz/issue53676/Test.class
new file mode 100644
index 00000000..c0ca8577
Binary files /dev/null and b/src/test/resources/ossfuzz/issue53676/Test.class 
differ

Reply via email to