From 673b4302edf6d1604e69a1427eea5324016bbab2 Mon Sep 17 00:00:00 2001
From: Andreas Gampe
Date: Fri, 19 Jun 2015 20:37:46 -0700
Subject: [PATCH] ART: Check for expected args for instance methods

Don't assume that the receiver is expected. This was writing out of bounds (or triggering a DCHECK).
Bug: 21817284
Bug: 21872240
Bug: https://code.google.com/p/android/issues/detail?id=176571
Bug: https://code.google.com/p/android/issues/detail?id=176572
(cherry picked from commit ef0b1a1dbc99fe7c92f9598cbfc164763c1b66d7)
Change-Id: I7cad2c1dfc39feb0b1b4660deeb43afdcb844ba3
---
 runtime/verifier/method_verifier.cc | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/runtime/verifier/method_verifier.cc b/runtime/verifier/method_verifier.cc
index 06ebf8bf3..b1f958d52 100644
--- a/runtime/verifier/method_verifier.cc
+++ b/runtime/verifier/method_verifier.cc
@@ -1291,13 +1291,22 @@ static bool IsPrimitiveDescriptor(char descriptor) {
 bool MethodVerifier::SetTypesFromSignature() {
 RegisterLine* reg_line = reg_table_.GetLine(0);
- int arg_start = code_item_->registers_size_ - code_item_->ins_size_;
+
+ // Should have been verified earlier.
+ DCHECK_GE(code_item_->registers_size_, code_item_->ins_size_);
+
+ uint32_t arg_start = code_item_->registers_size_ - code_item_->ins_size_;
 size_t expected_args = code_item_->ins_size_; /* long/double count as two */
- DCHECK_GE(arg_start, 0); /* should have been verified earlier */
 // Include the "this" pointer.
 size_t cur_arg = 0;
 if (!IsStatic()) {
+ if (expected_args == 0) {
+ // Expect at least a receiver.
+ Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "expected 0 args, but method is not static";
+ return false;
+ }
+
 // If this is a constructor for a class other than java.lang.Object, mark the first ("this")
 // argument as uninitialized. This restricts field access until the superclass constructor is
 // called.
-- 
2.11.0
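Review bot: The size invariant behind `arg_start` is still enforced only by the added `DCHECK_GE`, which is compiled out of non-debug builds; now that `arg_start` is `uint32_t`, a code item whose `ins_size_` exceeds `registers_size_` would wrap to a very large register index instead of a negative one. The comment says this was verified earlier, but that check is not visible in this hunk, and the verifier's input is untrusted dex data. Either have the comment name the earlier check, or fail hard in the same style as the new receiver check: `if (code_item_->ins_size_ > code_item_->registers_size_) { Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "ins_size exceeds registers_size"; return false; }`. The diffstat lists only method_verifier.cc, so a regression test for a non-static method with `ins_size_` of 0 would be worth adding; SetTypesFromSignature continues past the end of the hunk.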