# HG changeset patch
# User asmotrak
# Date 1464384278 25200
# Node ID 4e6b93b00caa5da6450387438db980758ac03414
# Parent  96ea53771693b1436609f803d3e77c7d19040519
8152207: Perform array bound checks while getting a length of bytecode instructions
Reviewed-by: hseigel

diff -r 96ea53771693 -r 4e6b93b00caa jdk/src/java.base/share/native/libverify/check_code.c
--- a/jdk/src/java.base/share/native/libverify/check_code.c	Fri May 27 14:02:28 2016 -0300
+++ b/jdk/src/java.base/share/native/libverify/check_code.c	Fri May 27 14:24:38 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1744,9 +1744,14 @@
             }
 
         default: {
+            if (instruction < 0 || instruction > JVM_OPC_MAX)
+                return -1;
+
             /* A length of 0 indicates an error. */
-            int length = opcode_length[instruction];
-            return (length <= 0) ? -1 : length;
+            if (opcode_length[instruction] <= 0)
+                return -1;
+
+            return opcode_length[instruction];
         }
     }
 }