Fix #191 - Malicious signature causes stack overflow

leibnitz27 · Jun 27, 2020 · 04bb805 · 04bb805
1 parent f030846
commit 04bb805
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/src/org/benf/cfr/reader/entities/ClassFile.java b/src/org/benf/cfr/reader/entities/ClassFile.java
@@ -1095,9 +1095,18 @@ private ClassSignature getSignature(ConstantPool cp,
                                         List<ConstantPoolEntryClass> rawInterfaces) {
         AttributeSignature signatureAttribute = attributes.getByName(AttributeSignature.ATTRIBUTE_NAME);
 
-        if (signatureAttribute != null) {
+        sigAgree : if (signatureAttribute != null) {
             try {
-                return ConstantPoolUtils.parseClassSignature(signatureAttribute.getSignature(), cp);
+                ClassSignature fromAttr = ConstantPoolUtils.parseClassSignature(signatureAttribute.getSignature(), cp);
+                if (rawSuperClass != null) {
+                    JavaTypeInstance rawSuperType = rawSuperClass.getTypeInstance();
+                    JavaTypeInstance fromAttrType = fromAttr.getSuperClass().getDeGenerifiedType();
+                    if (!fromAttrType.equals(rawSuperType)) {
+                        addComment("Signature claims super is " + fromAttr.getSuperClass().getRawName() + ", not " + rawSuperType.getRawName() + " - discarding signature.");
+                        break sigAgree;
+                    }
+                }
+                return fromAttr;
             } catch (Exception ignore) {
                 // Corrupt?
             }