On Thu, 18 Jul 2024 16:29:17 GMT, Chen Liang <li...@openjdk.org> wrote:
>> `ClassFile.verify()` should always return list of verification errors and
>> never throw an exception, even for corrupted classes.
>> `BoundAttribute` initializations of `LocalVariableTable` and
>> `LocalVariableTypeTable` attributes do not expect invalid possible locations
>> and cause `ClassCastException`.
>>
>> This patch fixes `BoundAttribute` to throw `IllegalArgumentException` for
>> invalid `LocalVariableTable` and `LocalVariableTypeTable` attributes
>> locations. And makes `VerifierImpl` a bit more resilient to exceptions
>> thrown from the verifier initialization.
>>
>> Relevant test is added.
>>
>> Please review.
>>
>> Thanks,
>> Adam
>
> src/java.base/share/classes/jdk/internal/classfile/impl/verifier/VerifierImpl.java
> line 117:
>
>> 115:
>> 116: public static List<VerifyError> verify(ClassModel classModel,
>> ClassHierarchyResolver classHierarchyResolver, Consumer<String> logger) {
>> 117: String clsName = classModel.thisClass().asInternalName();
>
> This can still throw `ConstantPoolException` if this_class points to a
> non-Class entry. This entry is lazily read by `ClassReader`, so you can
> create a `ClassModel` for such a bad class.
Alternatively, a malformed Class constant can point to a non-utf8, so the
`asInternalName` can fail too.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20241#discussion_r1683550724
