
Closed
Open
Opened Sep 11, 2013 by eros_lever@eros_lever 

const-string ushort overflow for string item

I was trying to instrument a huge DEX with more than 0xFFFF string items.
What happened is that the symbolicIndex reached values over the 65536 limit for 
values whose original string index is supposed to fit in a ushort.
This causes an overflow of the ushort value when writing a const-string 
instruction.

###################################################################

org.ow2.asmdex.structureWriter.ConstantPool:addStringToConstantPool

    public void addStringToConstantPool(String string) {
        if (string != null) {
            if (useSymbolicElements) {
                if (!symbolicStringsToIndexes.containsKey(string)) {
-->                 symbolicStringsToIndexes.put(string, symbolicStringsToIndexes.size());
                }
            } 
            strings.add(string);
        }
    }

The symbolic index can exceed 0xFFFF

##################################################################

org.ow2.asmdex.instruction.InstructionFormat21C:write

    public void write(ByteVector out, ConstantPool constantPool) {
        test8BitsLimit(registerA);
        // The format is AA|op BBBB.
        out.putShort(((registerA & 0xff) << 8) + opcodeByte);
        // The index may be a Type, or a String index.
        int index;
        if (opcodeByte == 0x1a) {
-->         index = constantPool.getStringIndex(stringOrType);
        } else if ((opcodeByte == 0x1c) || (opcodeByte == 0x1f) || (opcodeByte == 0x22)) {
            index = constantPool.getTypeIndex(stringOrType);
        } else { // 0x60...0x6d
            index = constantPool.getFieldIndex(field);
        }
-->     out.putShort(index);
    }

symbolicIndex is read and written as a ushort (even if it does not fit)

##################################################################

org.ow2.asmdex.lowLevelUtils.ByteVector:putShort

    public ByteVector putShort(final int s) {
        int length = this.length;
        if (length + 2 > data.length) {
            enlarge(2);
        }
        byte[] data = this.data;
-->     data[length++] = (byte) s;                      // Swapped.
-->     data[length++] = (byte) (s >>> 8);      // Swapped.
        this.length = length;
        return this;
    }

No warnings are raised for the overflow.
Reference: asm/asmdex#316499
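
The following is an added example, not part of the original report and not ASMDEX code: a range-checked little-endian ushort write, and an encoder that switches to the Dalvik `const-string/jumbo` form (opcode 0x1b, format 31c, 32-bit string index) when the index does not fit in 16 bits. The class and method names are hypothetical, and the sample index is constructed.

```java
import java.io.ByteArrayOutputStream;

public class ConstStringIndexCheck {
    static final int OP_CONST_STRING = 0x1a;       // format 21c: AA|op BBBB
    static final int OP_CONST_STRING_JUMBO = 0x1b; // format 31c: AA|op BBBBlo BBBBhi

    // Little-endian 16-bit write that refuses values outside 0..0xFFFF
    // instead of silently dropping the high bits.
    static void putUShort(ByteArrayOutputStream out, int v) {
        if ((v & ~0xFFFF) != 0) {
            throw new IllegalArgumentException(
                    "0x" + Integer.toHexString(v) + " does not fit in a ushort");
        }
        out.write(v & 0xff);
        out.write(v >>> 8);
    }

    // Hypothetical encoder: picks the 32-bit index form when the 16-bit one is too small.
    static byte[] encodeConstString(int registerA, int stringIndex) {
        if (registerA < 0 || registerA > 0xff || stringIndex < 0) {
            throw new IllegalArgumentException("register or string index out of range");
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        if (stringIndex <= 0xFFFF) {
            putUShort(out, (registerA << 8) | OP_CONST_STRING);
            putUShort(out, stringIndex);
        } else {
            // Three code units instead of two: the caller has to recompute
            // branch offsets and the method's code size after this choice.
            putUShort(out, (registerA << 8) | OP_CONST_STRING_JUMBO);
            putUShort(out, stringIndex & 0xFFFF);
            putUShort(out, stringIndex >>> 16);
        }
        return out.toByteArray();
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x ", b & 0xff));
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        int index = 0x10005; // constructed sample index above the ushort limit
        // Two (byte) casts keep only the low 16 bits, so string 0x0005 is referenced.
        System.out.printf("unchecked write stores 0x%04x%n", index & 0xFFFF);
        System.out.println("in range : " + hex(encodeConstString(0, 0x0005)));
        System.out.println("jumbo    : " + hex(encodeConstString(0, index)));
    }
}
```

For an instrumentation tool the practical risk of the unchecked path is that the output DEX stays well-formed while the instruction loads a different string than the one intended, so the range check should fail loudly wherever the jumbo form cannot be used.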