skidfuscatordev / skidfuscator-java-obfuscator

Public proof-of-concept obfuscator using the MapleIR framework designed by cts & bibl
MIT License

[Bug] Fatal issue with Frame verification (Cause unknown) #6

Closed terminalsin closed 2 years ago

terminalsin commented 2 years ago

Compiled bytecode:

 FRAME FULL [me/tecnio/antihaxerman/packetevents/PacketEvents me/tecnio/antihaxerman/packetevents/utils/server/ServerVersion T T T T me/tecnio/antihaxerman/packetevents/utils/netty/bytebuf/ByteBufUtil T T I T I] []
    ALOAD 0
    ALOAD 6
    PUTFIELD me/tecnio/antihaxerman/packetevents/PacketEvents.byteBufUtil : Lme/tecnio/antihaxerman/packetevents/utils/netty/bytebuf/ByteBufUtil;
    ALOAD 0

Error:

java.lang.VerifyError: Inconsistent stackmap frames at branch target 2458
Exception Details:
  Location:
    me/tecnio/antihaxerman/packetevents/PacketEvents.load()V @2458: aload_0
  Reason:
    Type 'me/tecnio/antihaxerman/packetevents/utils/netty/bytebuf/ByteBufUtil' (current frame, locals[6]) is not assignable to 'me/tecnio/antihaxerman/packetevents/utils/netty/bytebuf/ByteBufUtil_8' (stack map, locals[6])
  Current Frame:
    bci: @1074
    flags: { }
    locals: { 'me/tecnio/antihaxerman/packetevents/PacketEvents', 'me/tecnio/antihaxerman/packetevents/utils/server/ServerVersion', top, top, top, top, 'me/tecnio/antihaxerman/packetevents/utils/netty/bytebuf/ByteBufUtil', top, top, integer, top, integer }
    stack: { integer }
  Stackmap Frame:
    bci: @2458
    flags: { }
    locals: { 'me/tecnio/antihaxerman/packetevents/PacketEvents', 'me/tecnio/antihaxerman/packetevents/utils/server/ServerVersion', top, top, top, top, 'me/tecnio/antihaxerman/packetevents/utils/netty/bytebuf/ByteBufUtil_8', top, top, integer, top, integer }
    stack: { }

Relevant OpenJDK code:

bool StackMapFrame::is_assignable_to(
    const StackMapFrame* target, ErrorContext* ctx, TRAPS) const {
  if (_max_locals != target->max_locals()) {
    *ctx = ErrorContext::locals_size_mismatch(
        _offset, (StackMapFrame*)this, (StackMapFrame*)target);
    return false;
  }
  if (_stack_size != target->stack_size()) {
    *ctx = ErrorContext::stack_size_mismatch(
        _offset, (StackMapFrame*)this, (StackMapFrame*)target);
    return false;
  }
  // Only need to compare type elements up to target->locals() or target->stack().
  // The remaining type elements in this state can be ignored because they are
  // assignable to bogus type.
  int mismatch_loc;
  mismatch_loc = is_assignable_to(
    _locals, target->locals(), target->locals_size(), THREAD);
  if (mismatch_loc != target->locals_size()) {
    *ctx = ErrorContext::bad_type(target->offset(),
        TypeOrigin::local(mismatch_loc, (StackMapFrame*)this),
        TypeOrigin::sm_local(mismatch_loc, (StackMapFrame*)target));
    return false;
  }
  mismatch_loc = is_assignable_to(_stack, target->stack(), _stack_size, THREAD);
  if (mismatch_loc != _stack_size) {
    *ctx = ErrorContext::bad_type(target->offset(),
        TypeOrigin::stack(mismatch_loc, (StackMapFrame*)this),
        TypeOrigin::sm_stack(mismatch_loc, (StackMapFrame*)target));
    return false;
  }

  if ((_flags | target->flags()) == target->flags()) {
    return true;
  } else {
    *ctx = ErrorContext::bad_flags(target->offset(),
        (StackMapFrame*)this, (StackMapFrame*)target);
    return false;
  }
}
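
As an added illustration (not part of the original issue and not OpenJDK code), the following C++ model reduces the check in the quoted function to string-named types and replays the two frames from the error. The class hierarchy (`ByteBufUtil_8` as a subtype of `ByteBufUtil`), the helper names, and the empty operand stack on both frames are assumptions made for the example.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

using Type = std::string;  // class name, "integer", or "top" (unusable slot)
using Types = std::vector<Type>;
struct Frame { Types locals; Types stack; };
// Assumed hierarchy, subtype -> supertype (not stated in the report).
static const std::map<Type, Type> kSuper = {{"ByteBufUtil_8", "ByteBufUtil"}};

// True if a value of type `from` may occupy a slot the target declares as `to`.
bool assignable(Type from, const Type& to) {
  if (to == "top") return true;  // target does not use the slot
  while (from != to) {
    auto it = kSuper.find(from);
    if (it == kSuper.end()) return false;
    from = it->second;  // walk up to the supertype
  }
  return true;
}

// Index of the first non-assignable element, or `len` if all are assignable.
int first_mismatch(const Types& from, const Types& to, int len) {
  for (int i = 0; i < len; i++)
    if (!assignable(from[i], to[i])) return i;
  return len;
}

// Same order of checks as the quoted function; the flags check is omitted.
std::string check_jump(const Frame& cur, const Frame& target) {
  if (cur.locals.size() != target.locals.size()) return "locals_size_mismatch";
  if (cur.stack.size() != target.stack.size()) return "stack_size_mismatch";
  int n = (int)target.locals.size(), i = first_mismatch(cur.locals, target.locals, n);
  if (i != n) return "bad_type local " + std::to_string(i);
  n = (int)cur.stack.size();
  i = first_mismatch(cur.stack, target.stack, n);
  if (i != n) return "bad_type stack " + std::to_string(i);
  return "ok";
}

Frame frame_with_local6(const Type& t) {  // report's locals, package prefixes dropped
  return {{"PacketEvents", "ServerVersion", "top", "top", "top", "top", t,
           "top", "top", "integer", "top", "integer"}, {}};
}
int main() {
  Frame a = frame_with_local6("ByteBufUtil"), b = frame_with_local6("ByteBufUtil_8");
  std::cout << check_jump(a, b) << "\n" << check_jump(b, a) << "\n";
}
```

The first call reproduces the direction in the report: the frame flowing into the branch target holds the wider type in locals[6] while the recorded stack map frame declares the narrower one, so the check stops at index 6. The reverse direction passes.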

terminalsin commented 2 years ago

Heredity for reference

[image: issue]

Simplified CFG for reference

[image: issue (1)]

terminalsin commented 2 years ago

Solved in 6ee665a028124239b17937f6f8cd8b33dd0900bf. Follow up in #7.