archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8308549: Classfile API should fail to generate over-sized Code attribute

Browse source 
Reviewed-by: mchung
This commit is contained in:
Adam Sotona 2023-05-25 07:13:33 +00:00
parent 2a18e537d6
commit bfcae68ed1
6 changed files with 50 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/java.base/share/classes/jdk/internal/classfile/impl/DirectCodeBuilder.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2022, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -311,6 +311,13 @@ public final class DirectCodeBuilder
buf.setLabelContext(DirectCodeBuilder.this);
int codeLength = curPc();
if (codeLength == 0 || codeLength >= 65536) {
throw new IllegalArgumentException(String.format(
"Code length %d is outside the allowed range in %s%s",
codeLength,
methodInfo.methodName().stringValue(),
methodInfo.methodTypeSymbol().displayDescriptor()));
}
int maxStack, maxLocals;
Attribute<? extends StackMapTableAttribute> stackMapAttr;
boolean canReuseStackmaps = codeAndExceptionsMatch(codeLength);

5
src/java.base/share/classes/jdk/internal/classfile/impl/SplitConstantPool.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2022, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -194,6 +194,9 @@ public final class SplitConstantPool implements ConstantPoolBuilder {
@Override
public void writeTo(BufWriter buf) {
int writeFrom = 1;
if (entryCount() >= 65536) {
throw new IllegalArgumentException(String.format("Constant pool is too large %d", entryCount()));
}
buf.writeU2(entryCount());
if (parent != null && buf.constantPool().canWriteDirect(this)) {
parent.writeConstantPoolEntries(buf);

8
src/java.base/share/classes/jdk/internal/classfile/impl/verifier/VerifierImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2022, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -67,7 +67,7 @@ public final class VerifierImpl {
JVM_CONSTANT_Package = 20,
JVM_CONSTANT_ExternalMax = 20;
static final char JVM_SIGNATURE_SPECIAL = '<',
static final char JVM_SIGNATURE_SPECIAL = '<',
JVM_SIGNATURE_ARRAY = '[',
JVM_SIGNATURE_BYTE = 'B',
JVM_SIGNATURE_CHAR = 'C',
@ -102,6 +102,7 @@ static final char JVM_SIGNATURE_SPECIAL = '<',
static final int STACKMAP_ATTRIBUTE_MAJOR_VERSION = 50;
static final int INVOKEDYNAMIC_MAJOR_VERSION = 51;
static final int NOFAILOVER_MAJOR_VERSION = 51;
static final int MAX_CODE_SIZE = 65535;
public static List<VerifyError> verify(ClassModel classModel, Consumer<String> logger) {
return verify(classModel, ClassHierarchyResolver.DEFAULT_CLASS_HIERARCHY_RESOLVER, logger);
@ -299,6 +300,9 @@ static final char JVM_SIGNATURE_SPECIAL = '<',
VerificationType return_type = current_frame.set_locals_from_arg(m, current_type());
int stackmap_index = 0;
int code_length = m.codeLength();
if (code_length < 1 || code_length > MAX_CODE_SIZE) {
verifyError(String.format("Invalid method Code length %d", code_length));
}
var code = ByteBuffer.wrap(_method.codeArray(), 0, _method.codeLength());
byte[] code_data = generate_code_data(code, code_length);
int ex_minmax[] = new int[] {code_length, -1};