-rw-r--r--runtime/verifier/method_verifier.cc8
-rw-r--r--tools/fuzzer/class-verifier-corpus/b391844326.dexbin0 -> 1240 bytes
2 files changed, 4 insertions, 4 deletions
diff --git a/runtime/verifier/method_verifier.cc b/runtime/verifier/method_verifier.cc
index 05fb9b39b6..1de1e6bce8 100644
--- a/runtime/verifier/method_verifier.cc
+++ b/runtime/verifier/method_verifier.cc
@@ -1593,6 +1593,10 @@ bool MethodVerifier<kVerifierDebug>::Verify() {
return false;
}
+ if (code_item_accessor_.InsnsSizeInCodeUnits() == 0u) {
+ Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "code item has no opcode";
+ return false;
+ }
// Allocate and initialize an array to hold instruction data.
insn_flags_.reset(allocator_.AllocArray<InstructionFlags>(
code_item_accessor_.InsnsSizeInCodeUnits()));
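Review bot: The zero-size check added in Verify() is now the only thing keeping an empty code item away from `InstructionAt(0u)` in ComputeWidthsAndCountOps(), because the second hunk removes the local check there, and nothing in either place records that dependency. I would add a comment on the new check such as `// Reject empty code items before allocating insn_flags_; ComputeWidthsAndCountOps() relies on this.` and keep a debug-build assertion at the old site, `DCHECK_NE(insns_size, 0u);`, just before the `InstructionAt(0u)` line. The verifier handles untrusted dex input, so a future caller or reordering that skips this guard would presumably read past an empty instruction array without any diagnostic. Both function bodies continue outside the hunks, so I cannot confirm that Verify() is the only path into ComputeWidthsAndCountOps().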
@@ -1619,10 +1623,6 @@ bool MethodVerifierImpl::ComputeWidthsAndCountOps() {
// We can't assume the instruction is well formed, handle the case where calculating the size
// goes past the end of the code item.
const uint32_t insns_size = code_item_accessor_.InsnsSizeInCodeUnits();
- if (insns_size == 0u) {
- Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "code item has no opcode";
- return false;
- }
const Instruction* inst = &code_item_accessor_.InstructionAt(0u);
uint32_t dex_pc = 0u;
while (dex_pc != insns_size) {
diff --git a/tools/fuzzer/class-verifier-corpus/b391844326.dex b/tools/fuzzer/class-verifier-corpus/b391844326.dex
new file mode 100644
index 0000000000..faf536139b
--- /dev/null
+++ b/tools/fuzzer/class-verifier-corpus/b391844326.dex
Binary files differ