aboutsummaryrefslogtreecommitdiffstats
path: root/bcel-builder/src
diff options
context:
space:
mode:
authorAlexander Kriegisch <Alexander@Kriegisch.name>2022-11-13 11:28:22 +0100
committerAlexander Kriegisch <Alexander@Kriegisch.name>2022-11-13 11:57:20 +0100
commit063d3cc59aad88f02bc82bc6e417a828dae9ef2d (patch)
tree62dc48b5bafc6eaf954cf8b2e3395dd8454f4d26 /bcel-builder/src
parent21d651573103fee74dec9b01c36ad3932d355bcf (diff)
downloadaspectj-063d3cc59aad88f02bc82bc6e417a828dae9ef2d.tar.gz
aspectj-063d3cc59aad88f02bc82bc6e417a828dae9ef2d.zip
Address upstream BCEL vulnerability CVE-2022-42920
Fixes #192. See https://github.com/advisories/GHSA-97xg-phpr-rg8q. See https://issues.apache.org/jira/browse/BCEL-363. See https://github.com/apache/commons-bcel/pull/147. Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
Diffstat (limited to 'bcel-builder/src')
-rw-r--r--bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java25
1 files changed, 21 insertions, 4 deletions
diff --git a/bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java b/bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java
index f8894def4..5b434651e 100644
--- a/bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java
+++ b/bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java
@@ -59,6 +59,7 @@ import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
+import com.sun.org.apache.bcel.internal.Const;
import org.aspectj.apache.bcel.Constants;
import org.aspectj.apache.bcel.generic.ArrayType;
import org.aspectj.apache.bcel.generic.ObjectType;
@@ -288,8 +289,14 @@ public class ConstantPool implements Node {
} // TEMPORARY, DONT LIKE PASSING THIS DATA OUT!
public void dump(DataOutputStream file) throws IOException {
- file.writeShort(poolSize);
- for (int i = 1; i < poolSize; i++)
+ /*
+ * Constants over the size of the constant pool shall not be written out.
+ * This is a redundant measure as the ConstantPoolGen should have already
+ * reported an error back in the situation.
+ */
+ final int size = Math.min(poolSize, Const.MAX_CP_ENTRIES);
+ file.writeShort(size);
+ for (int i = 1; i < size; i++)
if (pool[i] != null)
pool[i].dump(file);
}
@@ -417,9 +424,19 @@ public class ConstantPool implements Node {
}
private void adjustSize() {
- if (poolSize + 3 >= pool.length) {
+ // 3 extra spaces are needed as some entries may take 3 slots
+ if (poolSize + 3 >= Const.MAX_CP_ENTRIES + 1) {
+ throw new IllegalStateException(
+ "The number of constants " + (poolSize + 3) +
+ " is over the size of the constant pool: " + Const.MAX_CP_ENTRIES
+ );
+ }
+ if (poolSize + 3 >= pool.length) {
Constant[] cs = pool;
- pool = new Constant[cs.length + 8];
+ int size = cs.length + 8;
+ // the constant array shall not exceed the size of the constant pool
+ size = Math.min(size, Const.MAX_CP_ENTRIES + 1);
+ pool = new Constant[size];
System.arraycopy(cs, 0, pool, 0, cs.length);
}
if (poolSize == 0)