From a7d186c83f0696693014b48cb4b530076cda1157 Mon Sep 17 00:00:00 2001
From: Andreas Gampe
Date: Fri, 22 Nov 2024 12:04:02 -0800
Subject: [PATCH] Check constant pool size for double-slots

Summary: As title.

Reviewed By: wsanville

Differential Revision: D66335009

fbshipit-source-id: 73b2b6478aa980b69f4397eb4711e3ed707e65e6
---
 libredex/JarLoader.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libredex/JarLoader.cpp b/libredex/JarLoader.cpp
index 6cd93854cd..86dd31fa8d 100644
--- a/libredex/JarLoader.cpp
+++ b/libredex/JarLoader.cpp
@@ -450,9 +450,13 @@ bool parse_class(uint8_t* buffer,
   std::vector cpool;
   cpool.resize(cp_count);
   /* The zero'th entry is always empty. Java is annoying. */
-  for (int i = 1; i < cp_count; i++) {
+  for (size_t i = 1; i < cp_count; i++) {
     if (!parse_cp_entry(buffer, buffer_end, cpool[i])) return false;
     if (cpool[i].tag == CP_CONST_LONG || cpool[i].tag == CP_CONST_DOUBLE) {
+      if (i + 1 >= cp_count) {
+        std::cerr << "Bad long/double constant, bailing.\n";
+        return false;
+      }
       cpool[i + 1] = cpool[i];
       i++;
     }
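Review bot: The new bounds check before `cpool[i + 1] = cpool[i]` is the right fix for a malformed class file, but nothing in the hunk says why a long/double in the last slot is invalid, so a later reader may be tempted to relax it; a one-line comment above the added `if` would pin the rule, e.g. `// JVM class-file format: 8-byte constants occupy two pool entries, so a long/double cannot be the final entry.` Since the loop condition already guarantees `i < cp_count`, the guard could be written as `if (i + 1 == cp_count)` to make the intent (last slot) explicit, though `>=` is harmless. The `parse_cp_entry` failure on the previous line returns without a message while the new path writes to `std::cerr`; if that helper does not report on its own, the two failure paths should log consistently, but I cannot see its body from here. The enclosing `parse_class` starts and ends outside the hunk.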