CadixDev / Bombe

A model of Java types, as per the JVMS specification.
BSD 3-Clause "New" or "Revised" License
6 stars 6 forks source link

Potential to read malformed object type #17

Closed jamierocks closed 3 years ago

jamierocks commented 3 years ago

If a consumer calls TypeReader#readObjectType() directly - they may inadvertantly read a malformed input.

    public ObjectType readObjectType() {
        final int start = this.index();
        this.advance();

        while (this.available() && this.peek() != ';') {
            this.advance();
        }

        if (this.peek() != ';') throw new IllegalStateException("Incomplete descriptor provided!");
        this.advance();

        return new ObjectType(this.substring(start + 1, this.index() - 1));
    }

There is no validation that the first character is L - therefore any character could be in its place. This is not a problem with readType() or readFieldType() as they will only pass onto readObjectType() in the circumstance that the check that needs be introduced here is done.

jamierocks commented 3 years ago

Fixed by https://github.com/CadixDev/Bombe/commit/b4dc52c923872279aa0c2ea9acaca6add1017465.