
Address upstream BCEL vulnerability CVE-2022-42920

Fixes #192.

See https://github.com/advisories/GHSA-97xg-phpr-rg8q.
See https://issues.apache.org/jira/browse/BCEL-363.
See https://github.com/apache/commons-bcel/pull/147.

Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
tags/V1_9_19
Alexander Kriegisch 1 year ago
parent
commit
063d3cc59a

+ 21
- 4
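--- a/bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java
+++ b/bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java
@@ -59,6 +59,7 @@ import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 
+import com.sun.org.apache.bcel.internal.Const;
 import org.aspectj.apache.bcel.Constants;
 import org.aspectj.apache.bcel.generic.ArrayType;
 import org.aspectj.apache.bcel.generic.ObjectType;
@@ -288,8 +289,14 @@ public class ConstantPool implements Node {
 } // TEMPORARY, DONT LIKE PASSING THIS DATA OUT!
 
 public void dump(DataOutputStream file) throws IOException {
-file.writeShort(poolSize);
-for (int i = 1; i < poolSize; i++)
+/*
+* Constants over the size of the constant pool shall not be written out.
+* This is a redundant measure as the ConstantPoolGen should have already
+* reported an error back in the situation.
+*/
+final int size = Math.min(poolSize, Const.MAX_CP_ENTRIES);
+file.writeShort(size);
+for (int i = 1; i < size; i++)
 if (pool[i] != null)
 pool[i].dump(file);
 }
@@ -417,9 +424,19 @@ public class ConstantPool implements Node {
 }
 
 private void adjustSize() {
-if (poolSize + 3 >= pool.length) {
+// 3 extra spaces are needed as some entries may take 3 slots
+if (poolSize + 3 >= Const.MAX_CP_ENTRIES + 1) {
+throw new IllegalStateException(
+"The number of constants " + (poolSize + 3) +
+" is over the size of the constant pool: " + Const.MAX_CP_ENTRIES
+);
+}
+if (poolSize + 3 >= pool.length) {
 Constant[] cs = pool;
-pool = new Constant[cs.length + 8];
+int size = cs.length + 8;
+// the constant array shall not exceed the size of the constant pool
+size = Math.min(size, Const.MAX_CP_ENTRIES + 1);
+pool = new Constant[size];
 System.arraycopy(cs, 0, pool, 0, cs.length);
 }
 if (poolSize == 0)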
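Review bot: The added `import com.sun.org.apache.bcel.internal.Const;` takes `MAX_CP_ENTRIES` from the JDK's private BCEL copy instead of this project's own `org.aspectj.apache.bcel` package, so the bound enforced in `dump` and `adjustSize` depends on whichever JDK compiles and runs the code. That package is JDK-internal and is not exported by default on modular JDKs, and whether a given JDK's `Const` defines `MAX_CP_ENTRIES` at all is not something this diff can guarantee. I would declare the limit locally, for example `int MAX_CP_ENTRIES = 65535;` in `org.aspectj.apache.bcel.Constants` (already imported in this file), and reference `Constants.MAX_CP_ENTRIES` at all four use sites. Separately, the clamp in `dump` truncates the pool silently; if that path is ever reached the written class file would carry dangling constant indices, so throwing there as `adjustSize` does may be safer. The body of `adjustSize` continues past the end of the last hunk.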
