Bug 545588 (CVE-2019-10245) - Crash on unverifiable bytecode
Summary: Crash on unverifiable bytecode
Status: RESOLVED FIXED
Alias: CVE-2019-10245
Product: openj9
Classification: Technology
Component: General
Version: unspecified
Hardware: PC All
Importance: P3 normal
Target Milestone: ---
Assignee: Project Inbox CLA
QA Contact:
URL: https://cve.mitre.org/cgi-bin/cvekey....
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2019-03-20 09:50 EDT by Dan Heidinga CLA
Modified: 2019-04-22 11:47 EDT
Description Dan Heidinga CLA 2019-03-20 09:50:25 EDT
A method that falls off the end is incorrectly verified and causes crashes.  Simple method:
```
  public static void foo();
    descriptor: ()V
    flags: ACC_PUBLIC, ACC_STATIC
    Code:
      stack=1, locals=2, args_size=0
         0: nop
```
Comment 1 Dan Heidinga CLA 2019-04-18 15:46:37 EDT
project: Eclipse OpenJ9

version: [All versions before 0.14.0]

cwe: CWE-20: Improper Input Validation

summary: In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of the bytecode array, causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
Comment 2 Dan Heidinga CLA 2019-04-18 15:48:16 EDT
Fixed in version 0.14.0 and master:
https://github.com/eclipse/openj9/pull/5528
https://github.com/eclipse/openj9/pull/5529
Comment 3 Wayne Beaton CLA 2019-04-18 16:02:25 EDT
I've assigned CVE-2019-10245

https://github.com/CVEProject/cvelist/pull/1923
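
The report's `foo()` breaks the JVM specification's structural constraint that execution never falls off the bottom of the code array. The check in C, as an added example that is not part of this bug thread and not OpenJ9's verifier code; the function name, result codes, opcode subset and `MAX_CODE` limit are assumptions made for illustration:

```c
#include <stddef.h>
#include <stdint.h>
/* Opcode values from the JVM specification; only this subset is handled. */
enum { NOP = 0x00, ICONST_0 = 0x03, IFEQ = 0x99, GOTO = 0xa7,
       IRETURN = 0xac, RETURN = 0xb1, ATHROW = 0xbf };
enum { VERIFY_OK = 0, ERR_FALLS_OFF_END = 1, ERR_BAD_CODE = 2 }; /* hypothetical codes */
#define MAX_CODE 256 /* assumption: small methods keep the example short */
/* Constructed samples: the report's method (a lone nop) and a corrected form. */
static const uint8_t REPORTED[] = { NOP };
static const uint8_t FIXED[]    = { NOP, RETURN };

/* Visit every pc reachable from 0 and reject any path that can run past
 * code[len - 1]. Branch targets are range-checked only (a simplification). */
int check_no_fall_off(const uint8_t *code, size_t len)
{
    uint8_t seen[MAX_CODE] = {0};
    size_t work[MAX_CODE], top = 0;
    if (len == 0 || len > MAX_CODE) return ERR_BAD_CODE;
    seen[0] = 1; work[top++] = 0;
    while (top > 0) {
        size_t pc = work[--top], size = 1, next[2], n = 0;
        int falls_through = 1, branches = 0;
        switch (code[pc]) {
        case NOP: case ICONST_0: break;
        case IRETURN: case RETURN: case ATHROW: falls_through = 0; break;
        case IFEQ: size = 3; branches = 1; break;
        case GOTO: size = 3; branches = 1; falls_through = 0; break;
        default: return ERR_BAD_CODE; /* opcode outside the subset */
        }
        if (size > len - pc) return ERR_BAD_CODE; /* truncated operand */
        if (branches) { /* signed 16-bit big-endian offset, relative to pc */
            int16_t off = (int16_t)(uint16_t)((code[pc + 1] << 8) | code[pc + 2]);
            long target = (long)pc + off;
            if (target < 0 || (size_t)target >= len) return ERR_BAD_CODE;
            next[n++] = (size_t)target;
        }
        if (falls_through) {
            if (pc + size >= len) return ERR_FALLS_OFF_END; /* the reported case */
            next[n++] = pc + size;
        }
        while (n > 0) { /* queue successors not yet visited */
            size_t t = next[--n];
            if (!seen[t]) { seen[t] = 1; work[top++] = t; }
        }
    }
    return VERIFY_OK;
}

int main(void) { return check_no_fall_off(FIXED, sizeof FIXED); }
```

A production verifier also validates instruction boundaries, operand stack depth and types; this block isolates only the end-of-code condition from the report.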