From 6d029e80343873833f39d0cdd3473751c7719945 Mon Sep 17 00:00:00 2001
From: Artem Smotrakov <asmotrak@openjdk.org>
Date: Fri, 27 May 2016 14:24:38 -0700
Subject: [PATCH] 8152207: Perform array bound checks while getting a length of
 bytecode instructions

Reviewed-by: hseigel
---
 jdk/src/java.base/share/native/libverify/check_code.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/jdk/src/java.base/share/native/libverify/check_code.c b/jdk/src/java.base/share/native/libverify/check_code.c
index e22101496d7..1f9408fb206 100644
--- a/jdk/src/java.base/share/native/libverify/check_code.c
+++ b/jdk/src/java.base/share/native/libverify/check_code.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1744,9 +1744,14 @@ static int instruction_length(unsigned char *iptr, unsigned char *end)
             }
 
         default: {
+            if (instruction < 0 || instruction > JVM_OPC_MAX)
+                return -1;
+
             /* A length of 0 indicates an error. */
-            int length = opcode_length[instruction];
-            return (length <= 0) ? -1 : length;
+            if (opcode_length[instruction] <= 0)
+                return -1;
+
+            return opcode_length[instruction];
         }
     }
 }