From b594ff6de08fd50a3192dfcfd44947a3a4fc3f9f Mon Sep 17 00:00:00 2001
From: Santiago Aboy Solanes <solanes@google.com>
Date: Mon, 6 Jan 2025 17:33:35 +0000
Subject: Fix DCHECK in RegType::IsObjectArrayTypes

Bug: 388017887
Test: m test-art-host-gtest-art_runtime_tests64
Change-Id: I209f19ed1edba18c511a39dc277aa1c800ed55be
---
 runtime/verifier/reg_type.cc                      |   2 +-
 tools/fuzzer/class-verifier-corpus/b388017887.dex | Bin 0 -> 49208 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 tools/fuzzer/class-verifier-corpus/b388017887.dex

diff --git a/runtime/verifier/reg_type.cc b/runtime/verifier/reg_type.cc
index a2b52f4f87..9b4cc94416 100644
--- a/runtime/verifier/reg_type.cc
+++ b/runtime/verifier/reg_type.cc
@@ -193,7 +193,7 @@ bool RegType::IsObjectArrayTypes() const {
     return down_cast<const UnresolvedMergedReferenceType&>(*this).IsObjectArrayTypesImpl();
   } else if (IsUnresolvedTypes()) {
     // Primitive arrays will always resolve.
-    DCHECK(descriptor_[1] == 'L' || descriptor_[1] == '[');
+    DCHECK_IMPLIES(descriptor_[0] == '[', descriptor_[1] == 'L' || descriptor_[1] == '[');
     return descriptor_[0] == '[';
   } else if (HasClass()) {
     ObjPtr<mirror::Class> type = GetClass();
diff --git a/tools/fuzzer/class-verifier-corpus/b388017887.dex b/tools/fuzzer/class-verifier-corpus/b388017887.dex
new file mode 100644
index 0000000000..c3c0143e40
Binary files /dev/null and b/tools/fuzzer/class-verifier-corpus/b388017887.dex differ
-- 
cgit v1.2.3-59-g8ed1b