MSVSphere Packaging Team
2 years ago
parent
55efa0533a
commit
80cee01740
@ -0,0 +1,71 @@
|
|||||||
|
From 3a4e355796891149adfd9228633f179015293dbd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Richard Atkins <rjatkins359@gmail.com>
|
||||||
|
Date: Wed, 21 Sep 2022 23:18:58 +1000
|
||||||
|
Subject: [PATCH] CVE-2022-42920
|
||||||
|
|
||||||
|
---
|
||||||
|
.../org/apache/bcel/classfile/ConstantPool.java | 15 +++++++++++----
|
||||||
|
.../org/apache/bcel/generic/ConstantPoolGen.java | 11 ++++++++++-
|
||||||
|
2 files changed, 21 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/main/java/org/apache/bcel/classfile/ConstantPool.java b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
|
||||||
|
index f2c946a1..77ab0da4 100644
|
||||||
|
--- a/src/main/java/org/apache/bcel/classfile/ConstantPool.java
|
||||||
|
+++ b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
|
||||||
|
@@ -218,10 +218,17 @@ public class ConstantPool implements Cloneable, Node {
|
||||||
|
* @throws IOException
|
||||||
|
*/
|
||||||
|
public void dump( final DataOutputStream file ) throws IOException {
|
||||||
|
- file.writeShort(constant_pool.length);
|
||||||
|
- for (int i = 1; i < constant_pool.length; i++) {
|
||||||
|
- if (constant_pool[i] != null) {
|
||||||
|
- constant_pool[i].dump(file);
|
||||||
|
+ /*
|
||||||
|
+ * Constants over the size of the constant pool shall not be written out.
|
||||||
|
+ * This is a redundant measure as the ConstantPoolGen should have already
|
||||||
|
+ * reported an error back in the situation.
|
||||||
|
+ */
|
||||||
|
+ final int size = Math.min(constant_pool.length, Const.MAX_CP_ENTRIES);
|
||||||
|
+
|
||||||
|
+ file.writeShort(size);
|
||||||
|
+ for (int i = 1; i < size; i++) {
|
||||||
|
+ if (constant_pool[i] != null) {
|
||||||
|
+ constant_pool[i].dump(file);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
|
||||||
|
index fd0af47e..d3189ba4 100644
|
||||||
|
--- a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
|
||||||
|
+++ b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
|
||||||
|
@@ -95,7 +95,7 @@ public class ConstantPoolGen {
|
||||||
|
public ConstantPoolGen(final Constant[] cs) {
|
||||||
|
final StringBuilder sb = new StringBuilder(DEFAULT_BUFFER_SIZE);
|
||||||
|
|
||||||
|
- size = Math.max(DEFAULT_BUFFER_SIZE, cs.length + 64);
|
||||||
|
+ size = Math.min(Math.max(DEFAULT_BUFFER_SIZE, cs.length + 64), Const.MAX_CP_ENTRIES + 1);
|
||||||
|
constants = new Constant[size];
|
||||||
|
|
||||||
|
System.arraycopy(cs, 0, constants, 0, cs.length);
|
||||||
|
@@ -224,9 +224,18 @@ public class ConstantPoolGen {
|
||||||
|
/** Resize internal array of constants.
|
||||||
|
*/
|
||||||
|
protected void adjustSize() {
|
||||||
|
+ // 3 extra spaces are needed as some entries may take 3 slots
|
||||||
|
+ if (index + 3 >= Const.MAX_CP_ENTRIES + 1) {
|
||||||
|
+ throw new IllegalStateException("The number of constants " + (index + 3)
|
||||||
|
+ + " is over the size of the constant pool: "
|
||||||
|
+ + Const.MAX_CP_ENTRIES);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (index + 3 >= size) {
|
||||||
|
final Constant[] cs = constants;
|
||||||
|
size *= 2;
|
||||||
|
+ // the constant array shall not exceed the size of the constant pool
|
||||||
|
+ size = Math.min(size, Const.MAX_CP_ENTRIES + 1);
|
||||||
|
constants = new Constant[size];
|
||||||
|
System.arraycopy(cs, 0, constants, 0, index);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
||||||
Loading…
Reference in new issue