ART: Add method verifier check for call site id
(cherry picked from 3a842f5adcbdeb3fd3db4206006a784ccabfc865)
Bug: 37248626
Test: dex2oat on bug data
Change-Id: I11fbf3b9402406ed0031f47a90a8ab38360a52bb
diff --git a/runtime/verifier/method_verifier.cc b/runtime/verifier/method_verifier.cc
index e09f95c..e1c6af4 100644
--- a/runtime/verifier/method_verifier.cc
+++ b/runtime/verifier/method_verifier.cc
@@ -4137,6 +4137,12 @@
}
bool MethodVerifier::CheckCallSite(uint32_t call_site_idx) {
+ if (call_site_idx >= dex_file_->NumCallSiteIds()) {
+ Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "Bad call site id #" << call_site_idx
+ << " >= " << dex_file_->NumCallSiteIds();
+ return false;
+ }
+
CallSiteArrayValueIterator it(*dex_file_, dex_file_->GetCallSiteId(call_site_idx));
// Check essential arguments are provided. The dex file verifier has verified indicies of the
// main values (method handle, name, method_type).
@@ -4147,9 +4153,11 @@
return false;
}
- // Get and check the first argument: the method handle.
+ // Get and check the first argument: the method handle (index range
+ // checked by the dex file verifier).
uint32_t method_handle_idx = static_cast<uint32_t>(it.GetJavaValue().i);
it.Next();
+
const DexFile::MethodHandleItem& mh = dex_file_->GetMethodHandle(method_handle_idx);
if (mh.method_handle_type_ != static_cast<uint16_t>(DexFile::MethodHandleType::kInvokeStatic)) {
Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "Call site #" << call_site_idx