On Thu, 18 Jul 2024 16:23:44 GMT, Adam Sotona <[email protected]> wrote:
> `ClassFile.verify()` should always return list of verification errors and
> never throw an exception, even for corrupted classes.
> `BoundAttribute` initializations of `LocalVariableTable` and
> `LocalVariableTypeTable` attributes do not expect invalid possible locations
> and cause `ClassCastException`.
>
> This patch fixes `BoundAttribute` to throw `IllegalArgumentException` for
> invalid `LocalVariableTable` and `LocalVariableTypeTable` attributes
> locations. And makes `VerifierImpl` a bit more resilient to exceptions thrown
> from the verifier initialization.
>
> Relevant test is added.
>
> Please review.
>
> Thanks,
> Adam
src/java.base/share/classes/jdk/internal/classfile/impl/verifier/VerifierImpl.java
line 117:
> 115:
> 116: public static List<VerifyError> verify(ClassModel classModel,
> ClassHierarchyResolver classHierarchyResolver, Consumer<String> logger) {
> 117: String clsName = classModel.thisClass().asInternalName();
This can still throw `ConstantPoolException` if this_class points to a
non-Class entry. This entry is lazily read by `ClassReader`, so you can create
a `ClassModel` for such a bad class.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20241#discussion_r1683165097
