Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
6.5.0
-
None
-
None
-
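/**
 * Reproducer harness for a BCEL verifier crash found through fuzzing.
 *
 * <p>The harness parses an arbitrary byte stream as a class file and, if parsing succeeds,
 * runs verifier passes 1, 2 and 3a over the resulting {@code JavaClass}. The input must be
 * treated as untrusted: it is fuzzer-generated and is not expected to be a well-formed class.
 *
 * <p>Outcome convention used by the harness:
 * <ul>
 *   <li>a {@code ClassFormatException} raised by the parser means "invalid input" and is
 *       reported as a failed assumption, not as a bug;</li>
 *   <li>a verification status other than {@code VERIFIED_OK} is likewise a failed
 *       assumption;</li>
 *   <li>any other non-{@code IOException} escaping the verifier (for example the
 *       {@code ClassGenException} in the accompanying stack trace) is a finding.</li>
 * </ul>
 *
 * <p>NOTE(review): the last case is the security-relevant one. Code that verifies class files
 * from untrusted sources cannot rely on a {@code VerificationResult} alone while the verifier
 * can abort with an unchecked exception; callers should confirm how such exceptions are
 * handled on their side.
 */
public class ParserTest {

    /** Input used when no path is given on the command line (the reporter's original location). */
    private static final String DEFAULT_INPUT = "/home/jamesk/bcel_bugs/classgen.input";

    /**
     * Parses {@code inputStream} as a class file and verifies the result.
     *
     * @param inputStream raw, untrusted class-file bytes; not closed by this method
     * @throws IOException if reading the stream fails
     */
    public void testWithInputStream(InputStream inputStream) throws IOException {
        JavaClass clazz;
        try {
            clazz = new ClassParser(inputStream, "Hello.class").parse();
        } catch (ClassFormatException e) {
            // ClassFormatException thrown by the parser is just invalid input
            Assume.assumeNoException(e);
            return;
        }

        // Any non-IOException thrown here should be marked a failure
        // (including ClassFormatException)
        verifyJavaClass(clazz);
    }

    /**
     * Runs verifier passes 1 and 2 on the class and pass 3a on every method index.
     *
     * <p>The class is registered in the shared {@code Repository} for the duration of the
     * check, and the repository cache is always cleared afterwards so that one input cannot
     * influence the verification of the next.
     *
     * @param javaClass the parsed class to verify
     * @throws IOException declared for callers; propagated from the verification steps
     */
    private void verifyJavaClass(JavaClass javaClass) throws IOException {
        try {
            Repository.addClass(javaClass);
            Verifier verifier = StatelessVerifierFactory.getVerifier(javaClass.getClassName());
            VerificationResult result;

            result = verifier.doPass1();
            assumeThat(result.getMessage(), result.getStatus(), is(VerificationResult.VERIFIED_OK));

            result = verifier.doPass2();
            assumeThat(result.getMessage(), result.getStatus(), is(VerificationResult.VERIFIED_OK));

            // Pass 3a is per method; the count is read once since the class is not modified here.
            final int methodCount = javaClass.getMethods().length;
            for (int i = 0; i < methodCount; i++) {
                result = verifier.doPass3a(i);
                assumeThat(result.getMessage(), result.getStatus(), is(VerificationResult.VERIFIED_OK));
            }
        } finally {
            Repository.clearCache();
        }
    }

    /**
     * Replays a single input file through the harness.
     *
     * @param args optional; {@code args[0]} is the path of the input file. When absent, the
     *     reporter's original path is used so the reproducer behaves as first published.
     * @throws IOException if the input file cannot be opened or read
     */
    public static void main(String[] args) throws IOException {
        String inputPath = (args != null && args.length > 0) ? args[0] : DEFAULT_INPUT;
        ParserTest pt = new ParserTest();
        // try-with-resources: the stream is released even when the verifier throws.
        try (FileInputStream fis = new FileInputStream(new File(inputPath))) {
            pt.testWithInputStream(fis);
        }
    }
}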
Description
Found while conducting fuzzing research: an uncaught ClassGenException is thrown from within Pass3aVerifier (stack trace below).
Exception in thread "main" org.apache.bcel.generic.ClassGenException: org.apache.bcel.generic.ArrayType [[Ljava/util/List; does not represent an ObjectType
    at org.apache.bcel.generic.FieldOrMethod.getLoadClassType(FieldOrMethod.java:138)
    at org.apache.bcel.verifier.statics.Pass3aVerifier$InstOperandConstraintVisitor.visitLoadClass(Pass3aVerifier.java:521)
    at org.apache.bcel.generic.INVOKESPECIAL.accept(INVOKESPECIAL.java:85)
    at org.apache.bcel.generic.InstructionHandle.accept(InstructionHandle.java:293)
    at org.apache.bcel.verifier.statics.Pass3aVerifier.pass3StaticInstructionOperandsChecks(Pass3aVerifier.java:443)
    at org.apache.bcel.verifier.statics.Pass3aVerifier.do_verify(Pass3aVerifier.java:208)
    at org.apache.bcel.verifier.PassVerifier.verify(PassVerifier.java:70)
    at org.apache.bcel.verifier.Verifier.doPass3a(Verifier.java:88)