diff options
| author | CoprDistGit <infra@openeuler.org> | 2024-08-01 09:39:50 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2024-08-01 09:39:50 +0000 |
| commit | e005f21dce0f6e619a3ec1fd616672214f6bb2b0 (patch) | |
| tree | 158e5a05156964cee94acbe543384e4b5d50eb0e /0001-CVE-2022-42920.patch | |
| parent | bf4b5c18c488f738feab1841859bba08622dfb36 (diff) | |
automatic import of bcelopeneuler24.03_LTS
Diffstat (limited to '0001-CVE-2022-42920.patch')
| -rw-r--r-- | 0001-CVE-2022-42920.patch | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/0001-CVE-2022-42920.patch b/0001-CVE-2022-42920.patch new file mode 100644 index 0000000..4bbb9ee --- /dev/null +++ b/0001-CVE-2022-42920.patch @@ -0,0 +1,71 @@ +From 3a4e355796891149adfd9228633f179015293dbd Mon Sep 17 00:00:00 2001 +From: Richard Atkins <rjatkins359@gmail.com> +Date: Wed, 21 Sep 2022 23:18:58 +1000 +Subject: [PATCH] CVE-2022-42920 + +--- + .../org/apache/bcel/classfile/ConstantPool.java | 15 +++++++++++---- + .../org/apache/bcel/generic/ConstantPoolGen.java | 11 ++++++++++- + 2 files changed, 21 insertions(+), 5 deletions(-) + +diff --git a/src/main/java/org/apache/bcel/classfile/ConstantPool.java b/src/main/java/org/apache/bcel/classfile/ConstantPool.java +index f2c946a1..77ab0da4 100644 +--- a/src/main/java/org/apache/bcel/classfile/ConstantPool.java ++++ b/src/main/java/org/apache/bcel/classfile/ConstantPool.java +@@ -218,10 +218,17 @@ public class ConstantPool implements Cloneable, Node { + * @throws IOException
+ */
+ public void dump( final DataOutputStream file ) throws IOException {
+- file.writeShort(constant_pool.length);
+- for (int i = 1; i < constant_pool.length; i++) {
+- if (constant_pool[i] != null) {
+- constant_pool[i].dump(file);
++ /*
++ * Constants over the size of the constant pool shall not be written out.
++ * This is a redundant measure as the ConstantPoolGen should have already
++ * reported an error back in the situation.
++ */
++ final int size = Math.min(constant_pool.length, Const.MAX_CP_ENTRIES);
++
++ file.writeShort(size);
++ for (int i = 1; i < size; i++) {
++ if (constant_pool[i] != null) {
++ constant_pool[i].dump(file);
+ }
+ }
+ }
+diff --git a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java +index fd0af47e..d3189ba4 100644 +--- a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java ++++ b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java +@@ -95,7 +95,7 @@ public class ConstantPoolGen { + public ConstantPoolGen(final Constant[] cs) {
+ final StringBuilder sb = new StringBuilder(DEFAULT_BUFFER_SIZE);
+
+- size = Math.max(DEFAULT_BUFFER_SIZE, cs.length + 64);
++ size = Math.min(Math.max(DEFAULT_BUFFER_SIZE, cs.length + 64), Const.MAX_CP_ENTRIES + 1);
+ constants = new Constant[size];
+
+ System.arraycopy(cs, 0, constants, 0, cs.length);
+@@ -224,9 +224,18 @@ public class ConstantPoolGen { + /** Resize internal array of constants.
+ */
+ protected void adjustSize() {
++ // 3 extra spaces are needed as some entries may take 3 slots
++ if (index + 3 >= Const.MAX_CP_ENTRIES + 1) {
++ throw new IllegalStateException("The number of constants " + (index + 3)
++ + " is over the size of the constant pool: "
++ + Const.MAX_CP_ENTRIES);
++ }
++
+ if (index + 3 >= size) {
+ final Constant[] cs = constants;
+ size *= 2;
++ // the constant array shall not exceed the size of the constant pool
++ size = Math.min(size, Const.MAX_CP_ENTRIES + 1);
+ constants = new Constant[size];
+ System.arraycopy(cs, 0, constants, 0, index);
+ }
+-- +2.38.1 + |