Home | History | Annotate | Download | only in runtime
      1 /*
      2  * Copyright (C) 2011 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #include "dex_file_verifier.h"
     18 
     19 #include <inttypes.h>
     20 #include <zlib.h>
     21 
     22 #include <memory>
     23 
     24 #include "base/stringprintf.h"
     25 #include "dex_file-inl.h"
     26 #include "experimental_flags.h"
     27 #include "leb128.h"
     28 #include "runtime.h"
     29 #include "safe_map.h"
     30 #include "utf-inl.h"
     31 #include "utils.h"
     32 
     33 namespace art {
     34 
     35 static uint32_t MapTypeToBitMask(uint32_t map_type) {
     36   switch (map_type) {
     37     case DexFile::kDexTypeHeaderItem:               return 1 << 0;
     38     case DexFile::kDexTypeStringIdItem:             return 1 << 1;
     39     case DexFile::kDexTypeTypeIdItem:               return 1 << 2;
     40     case DexFile::kDexTypeProtoIdItem:              return 1 << 3;
     41     case DexFile::kDexTypeFieldIdItem:              return 1 << 4;
     42     case DexFile::kDexTypeMethodIdItem:             return 1 << 5;
     43     case DexFile::kDexTypeClassDefItem:             return 1 << 6;
     44     case DexFile::kDexTypeMapList:                  return 1 << 7;
     45     case DexFile::kDexTypeTypeList:                 return 1 << 8;
     46     case DexFile::kDexTypeAnnotationSetRefList:     return 1 << 9;
     47     case DexFile::kDexTypeAnnotationSetItem:        return 1 << 10;
     48     case DexFile::kDexTypeClassDataItem:            return 1 << 11;
     49     case DexFile::kDexTypeCodeItem:                 return 1 << 12;
     50     case DexFile::kDexTypeStringDataItem:           return 1 << 13;
     51     case DexFile::kDexTypeDebugInfoItem:            return 1 << 14;
     52     case DexFile::kDexTypeAnnotationItem:           return 1 << 15;
     53     case DexFile::kDexTypeEncodedArrayItem:         return 1 << 16;
     54     case DexFile::kDexTypeAnnotationsDirectoryItem: return 1 << 17;
     55   }
     56   return 0;
     57 }
     58 
     59 static bool IsDataSectionType(uint32_t map_type) {
     60   switch (map_type) {
     61     case DexFile::kDexTypeHeaderItem:
     62     case DexFile::kDexTypeStringIdItem:
     63     case DexFile::kDexTypeTypeIdItem:
     64     case DexFile::kDexTypeProtoIdItem:
     65     case DexFile::kDexTypeFieldIdItem:
     66     case DexFile::kDexTypeMethodIdItem:
     67     case DexFile::kDexTypeClassDefItem:
     68       return false;
     69   }
     70   return true;
     71 }
     72 
     73 const char* DexFileVerifier::CheckLoadStringByIdx(uint32_t idx, const char* error_string) {
     74   if (UNLIKELY(!CheckIndex(idx, dex_file_->NumStringIds(), error_string))) {
     75     return nullptr;
     76   }
     77   return dex_file_->StringDataByIdx(idx);
     78 }
     79 
     80 const char* DexFileVerifier::CheckLoadStringByTypeIdx(uint32_t type_idx, const char* error_string) {
     81   if (UNLIKELY(!CheckIndex(type_idx, dex_file_->NumTypeIds(), error_string))) {
     82     return nullptr;
     83   }
     84   const DexFile::TypeId& type_id = dex_file_->GetTypeId(type_idx);
     85   uint32_t idx = type_id.descriptor_idx_;
     86   return CheckLoadStringByIdx(idx, error_string);
     87 }
     88 
     89 const DexFile::FieldId* DexFileVerifier::CheckLoadFieldId(uint32_t idx, const char* error_string) {
     90   if (UNLIKELY(!CheckIndex(idx, dex_file_->NumFieldIds(), error_string))) {
     91     return nullptr;
     92   }
     93   return &dex_file_->GetFieldId(idx);
     94 }
     95 
     96 const DexFile::MethodId* DexFileVerifier::CheckLoadMethodId(uint32_t idx, const char* err_string) {
     97   if (UNLIKELY(!CheckIndex(idx, dex_file_->NumMethodIds(), err_string))) {
     98     return nullptr;
     99   }
    100   return &dex_file_->GetMethodId(idx);
    101 }
    102 
    103 // Helper macro to load string and return false on error.
    104 #define LOAD_STRING(var, idx, error)                  \
    105   const char* var = CheckLoadStringByIdx(idx, error); \
    106   if (UNLIKELY(var == nullptr)) {                     \
    107     return false;                                     \
    108   }
    109 
    110 // Helper macro to load string by type idx and return false on error.
    111 #define LOAD_STRING_BY_TYPE(var, type_idx, error)              \
    112   const char* var = CheckLoadStringByTypeIdx(type_idx, error); \
    113   if (UNLIKELY(var == nullptr)) {                              \
    114     return false;                                              \
    115   }
    116 
    117 // Helper macro to load method id. Return last parameter on error.
    118 #define LOAD_METHOD(var, idx, error_string, error_stmt)                 \
    119   const DexFile::MethodId* var  = CheckLoadMethodId(idx, error_string); \
    120   if (UNLIKELY(var == nullptr)) {                                       \
    121     error_stmt;                                                         \
    122   }
    123 
    124 // Helper macro to load method id. Return last parameter on error.
    125 #define LOAD_FIELD(var, idx, fmt, error_stmt)               \
    126   const DexFile::FieldId* var = CheckLoadFieldId(idx, fmt); \
    127   if (UNLIKELY(var == nullptr)) {                           \
    128     error_stmt;                                             \
    129   }
    130 
    131 bool DexFileVerifier::Verify(const DexFile* dex_file, const uint8_t* begin, size_t size,
    132                              const char* location, std::string* error_msg) {
    133   std::unique_ptr<DexFileVerifier> verifier(new DexFileVerifier(dex_file, begin, size, location));
    134   if (!verifier->Verify()) {
    135     *error_msg = verifier->FailureReason();
    136     return false;
    137   }
    138   return true;
    139 }
    140 
    141 bool DexFileVerifier::CheckShortyDescriptorMatch(char shorty_char, const char* descriptor,
    142                                                 bool is_return_type) {
    143   switch (shorty_char) {
    144     case 'V':
    145       if (UNLIKELY(!is_return_type)) {
    146         ErrorStringPrintf("Invalid use of void");
    147         return false;
    148       }
    149       FALLTHROUGH_INTENDED;
    150     case 'B':
    151     case 'C':
    152     case 'D':
    153     case 'F':
    154     case 'I':
    155     case 'J':
    156     case 'S':
    157     case 'Z':
    158       if (UNLIKELY((descriptor[0] != shorty_char) || (descriptor[1] != '\0'))) {
    159         ErrorStringPrintf("Shorty vs. primitive type mismatch: '%c', '%s'",
    160                           shorty_char, descriptor);
    161         return false;
    162       }
    163       break;
    164     case 'L':
    165       if (UNLIKELY((descriptor[0] != 'L') && (descriptor[0] != '['))) {
    166         ErrorStringPrintf("Shorty vs. type mismatch: '%c', '%s'", shorty_char, descriptor);
    167         return false;
    168       }
    169       break;
    170     default:
    171       ErrorStringPrintf("Bad shorty character: '%c'", shorty_char);
    172       return false;
    173   }
    174   return true;
    175 }
    176 
    177 bool DexFileVerifier::CheckListSize(const void* start, size_t count, size_t elem_size,
    178                                     const char* label) {
    179   // Check that size is not 0.
    180   CHECK_NE(elem_size, 0U);
    181 
    182   const uint8_t* range_start = reinterpret_cast<const uint8_t*>(start);
    183   const uint8_t* file_start = reinterpret_cast<const uint8_t*>(begin_);
    184 
    185   // Check for overflow.
    186   uintptr_t max = 0 - 1;
    187   size_t available_bytes_till_end_of_mem = max - reinterpret_cast<uintptr_t>(start);
    188   size_t max_count = available_bytes_till_end_of_mem / elem_size;
    189   if (max_count < count) {
    190     ErrorStringPrintf("Overflow in range for %s: %zx for %zu@%zu", label,
    191                       static_cast<size_t>(range_start - file_start),
    192                       count, elem_size);
    193     return false;
    194   }
    195 
    196   const uint8_t* range_end = range_start + count * elem_size;
    197   const uint8_t* file_end = file_start + size_;
    198   if (UNLIKELY((range_start < file_start) || (range_end > file_end))) {
    199     // Note: these two tests are enough as we make sure above that there's no overflow.
    200     ErrorStringPrintf("Bad range for %s: %zx to %zx", label,
    201                       static_cast<size_t>(range_start - file_start),
    202                       static_cast<size_t>(range_end - file_start));
    203     return false;
    204   }
    205   return true;
    206 }
    207 
    208 bool DexFileVerifier::CheckList(size_t element_size, const char* label, const uint8_t* *ptr) {
    209   // Check that the list is available. The first 4B are the count.
    210   if (!CheckListSize(*ptr, 1, 4U, label)) {
    211     return false;
    212   }
    213 
    214   uint32_t count = *reinterpret_cast<const uint32_t*>(*ptr);
    215   if (count > 0) {
    216     if (!CheckListSize(*ptr + 4, count, element_size, label)) {
    217       return false;
    218     }
    219   }
    220 
    221   *ptr += 4 + count * element_size;
    222   return true;
    223 }
    224 
    225 bool DexFileVerifier::CheckIndex(uint32_t field, uint32_t limit, const char* label) {
    226   if (UNLIKELY(field >= limit)) {
    227     ErrorStringPrintf("Bad index for %s: %x >= %x", label, field, limit);
    228     return false;
    229   }
    230   return true;
    231 }
    232 
    233 bool DexFileVerifier::CheckValidOffsetAndSize(uint32_t offset,
    234                                               uint32_t size,
    235                                               size_t alignment,
    236                                               const char* label) {
    237   if (size == 0) {
    238     if (offset != 0) {
    239       ErrorStringPrintf("Offset(%d) should be zero when size is zero for %s.", offset, label);
    240       return false;
    241     }
    242   }
    243   if (size_ <= offset) {
    244     ErrorStringPrintf("Offset(%d) should be within file size(%zu) for %s.", offset, size_, label);
    245     return false;
    246   }
    247   if (alignment != 0 && !IsAlignedParam(offset, alignment)) {
    248     ErrorStringPrintf("Offset(%d) should be aligned by %zu for %s.", offset, alignment, label);
    249     return false;
    250   }
    251   return true;
    252 }
    253 
    254 bool DexFileVerifier::CheckSizeLimit(uint32_t size, uint32_t limit, const char* label) {
    255   if (size > limit) {
    256     ErrorStringPrintf("Size(%u) should not exceed limit(%u) for %s.", size, limit, label);
    257     return false;
    258   }
    259   return true;
    260 }
    261 
    262 bool DexFileVerifier::CheckHeader() {
    263   // Check file size from the header.
    264   uint32_t expected_size = header_->file_size_;
    265   if (size_ != expected_size) {
    266     ErrorStringPrintf("Bad file size (%zd, expected %ud)", size_, expected_size);
    267     return false;
    268   }
    269 
    270   // Compute and verify the checksum in the header.
    271   uint32_t adler_checksum = adler32(0L, Z_NULL, 0);
    272   const uint32_t non_sum = sizeof(header_->magic_) + sizeof(header_->checksum_);
    273   const uint8_t* non_sum_ptr = reinterpret_cast<const uint8_t*>(header_) + non_sum;
    274   adler_checksum = adler32(adler_checksum, non_sum_ptr, expected_size - non_sum);
    275   if (adler_checksum != header_->checksum_) {
    276     ErrorStringPrintf("Bad checksum (%08x, expected %08x)", adler_checksum, header_->checksum_);
    277     return false;
    278   }
    279 
    280   // Check the contents of the header.
    281   if (header_->endian_tag_ != DexFile::kDexEndianConstant) {
    282     ErrorStringPrintf("Unexpected endian_tag: %x", header_->endian_tag_);
    283     return false;
    284   }
    285 
    286   if (header_->header_size_ != sizeof(DexFile::Header)) {
    287     ErrorStringPrintf("Bad header size: %ud", header_->header_size_);
    288     return false;
    289   }
    290 
    291   // Check that all offsets are inside the file.
    292   bool result =
    293       CheckValidOffsetAndSize(header_->link_off_,
    294                               header_->link_size_,
    295                               0 /* unaligned */,
    296                               "link") &&
    297       CheckValidOffsetAndSize(header_->map_off_,
    298                               header_->map_off_,
    299                               4,
    300                               "map") &&
    301       CheckValidOffsetAndSize(header_->string_ids_off_,
    302                               header_->string_ids_size_,
    303                               4,
    304                               "string-ids") &&
    305       CheckValidOffsetAndSize(header_->type_ids_off_,
    306                               header_->type_ids_size_,
    307                               4,
    308                               "type-ids") &&
    309       CheckSizeLimit(header_->type_ids_size_, DexFile::kDexNoIndex16, "type-ids") &&
    310       CheckValidOffsetAndSize(header_->proto_ids_off_,
    311                               header_->proto_ids_size_,
    312                               4,
    313                               "proto-ids") &&
    314       CheckSizeLimit(header_->proto_ids_size_, DexFile::kDexNoIndex16, "proto-ids") &&
    315       CheckValidOffsetAndSize(header_->field_ids_off_,
    316                               header_->field_ids_size_,
    317                               4,
    318                               "field-ids") &&
    319       CheckValidOffsetAndSize(header_->method_ids_off_,
    320                               header_->method_ids_size_,
    321                               4,
    322                               "method-ids") &&
    323       CheckValidOffsetAndSize(header_->class_defs_off_,
    324                               header_->class_defs_size_,
    325                               4,
    326                               "class-defs") &&
    327       CheckValidOffsetAndSize(header_->data_off_,
    328                               header_->data_size_,
    329                               0,  // Unaligned, spec doesn't talk about it, even though size
    330                                   // is supposed to be a multiple of 4.
    331                               "data");
    332   return result;
    333 }
    334 
    335 bool DexFileVerifier::CheckMap() {
    336   const DexFile::MapList* map = reinterpret_cast<const DexFile::MapList*>(begin_ +
    337                                                                           header_->map_off_);
    338   // Check that map list content is available.
    339   if (!CheckListSize(map, 1, sizeof(DexFile::MapList), "maplist content")) {
    340     return false;
    341   }
    342 
    343   const DexFile::MapItem* item = map->list_;
    344 
    345   uint32_t count = map->size_;
    346   uint32_t last_offset = 0;
    347   uint32_t data_item_count = 0;
    348   uint32_t data_items_left = header_->data_size_;
    349   uint32_t used_bits = 0;
    350 
    351   // Sanity check the size of the map list.
    352   if (!CheckListSize(item, count, sizeof(DexFile::MapItem), "map size")) {
    353     return false;
    354   }
    355 
    356   // Check the items listed in the map.
    357   for (uint32_t i = 0; i < count; i++) {
    358     if (UNLIKELY(last_offset >= item->offset_ && i != 0)) {
    359       ErrorStringPrintf("Out of order map item: %x then %x", last_offset, item->offset_);
    360       return false;
    361     }
    362     if (UNLIKELY(item->offset_ >= header_->file_size_)) {
    363       ErrorStringPrintf("Map item after end of file: %x, size %x",
    364                         item->offset_, header_->file_size_);
    365       return false;
    366     }
    367 
    368     if (IsDataSectionType(item->type_)) {
    369       uint32_t icount = item->size_;
    370       if (UNLIKELY(icount > data_items_left)) {
    371         ErrorStringPrintf("Too many items in data section: %ud", data_item_count + icount);
    372         return false;
    373       }
    374       data_items_left -= icount;
    375       data_item_count += icount;
    376     }
    377 
    378     uint32_t bit = MapTypeToBitMask(item->type_);
    379 
    380     if (UNLIKELY(bit == 0)) {
    381       ErrorStringPrintf("Unknown map section type %x", item->type_);
    382       return false;
    383     }
    384 
    385     if (UNLIKELY((used_bits & bit) != 0)) {
    386       ErrorStringPrintf("Duplicate map section of type %x", item->type_);
    387       return false;
    388     }
    389 
    390     used_bits |= bit;
    391     last_offset = item->offset_;
    392     item++;
    393   }
    394 
    395   // Check for missing sections in the map.
    396   if (UNLIKELY((used_bits & MapTypeToBitMask(DexFile::kDexTypeHeaderItem)) == 0)) {
    397     ErrorStringPrintf("Map is missing header entry");
    398     return false;
    399   }
    400   if (UNLIKELY((used_bits & MapTypeToBitMask(DexFile::kDexTypeMapList)) == 0)) {
    401     ErrorStringPrintf("Map is missing map_list entry");
    402     return false;
    403   }
    404   if (UNLIKELY((used_bits & MapTypeToBitMask(DexFile::kDexTypeStringIdItem)) == 0 &&
    405                ((header_->string_ids_off_ != 0) || (header_->string_ids_size_ != 0)))) {
    406     ErrorStringPrintf("Map is missing string_ids entry");
    407     return false;
    408   }
    409   if (UNLIKELY((used_bits & MapTypeToBitMask(DexFile::kDexTypeTypeIdItem)) == 0 &&
    410                ((header_->type_ids_off_ != 0) || (header_->type_ids_size_ != 0)))) {
    411     ErrorStringPrintf("Map is missing type_ids entry");
    412     return false;
    413   }
    414   if (UNLIKELY((used_bits & MapTypeToBitMask(DexFile::kDexTypeProtoIdItem)) == 0 &&
    415                ((header_->proto_ids_off_ != 0) || (header_->proto_ids_size_ != 0)))) {
    416     ErrorStringPrintf("Map is missing proto_ids entry");
    417     return false;
    418   }
    419   if (UNLIKELY((used_bits & MapTypeToBitMask(DexFile::kDexTypeFieldIdItem)) == 0 &&
    420                ((header_->field_ids_off_ != 0) || (header_->field_ids_size_ != 0)))) {
    421     ErrorStringPrintf("Map is missing field_ids entry");
    422     return false;
    423   }
    424   if (UNLIKELY((used_bits & MapTypeToBitMask(DexFile::kDexTypeMethodIdItem)) == 0 &&
    425                ((header_->method_ids_off_ != 0) || (header_->method_ids_size_ != 0)))) {
    426     ErrorStringPrintf("Map is missing method_ids entry");
    427     return false;
    428   }
    429   if (UNLIKELY((used_bits & MapTypeToBitMask(DexFile::kDexTypeClassDefItem)) == 0 &&
    430                ((header_->class_defs_off_ != 0) || (header_->class_defs_size_ != 0)))) {
    431     ErrorStringPrintf("Map is missing class_defs entry");
    432     return false;
    433   }
    434   return true;
    435 }
    436 
    437 uint32_t DexFileVerifier::ReadUnsignedLittleEndian(uint32_t size) {
    438   uint32_t result = 0;
    439   if (LIKELY(CheckListSize(ptr_, size, sizeof(uint8_t), "encoded_value"))) {
    440     for (uint32_t i = 0; i < size; i++) {
    441       result |= ((uint32_t) *(ptr_++)) << (i * 8);
    442     }
    443   }
    444   return result;
    445 }
    446 
    447 bool DexFileVerifier::CheckAndGetHandlerOffsets(const DexFile::CodeItem* code_item,
    448                                                 uint32_t* handler_offsets, uint32_t handlers_size) {
    449   const uint8_t* handlers_base = DexFile::GetCatchHandlerData(*code_item, 0);
    450 
    451   for (uint32_t i = 0; i < handlers_size; i++) {
    452     bool catch_all;
    453     size_t offset = ptr_ - handlers_base;
    454     int32_t size = DecodeSignedLeb128(&ptr_);
    455 
    456     if (UNLIKELY((size < -65536) || (size > 65536))) {
    457       ErrorStringPrintf("Invalid exception handler size: %d", size);
    458       return false;
    459     }
    460 
    461     if (size <= 0) {
    462       catch_all = true;
    463       size = -size;
    464     } else {
    465       catch_all = false;
    466     }
    467 
    468     handler_offsets[i] = static_cast<uint32_t>(offset);
    469 
    470     while (size-- > 0) {
    471       uint32_t type_idx = DecodeUnsignedLeb128(&ptr_);
    472       if (!CheckIndex(type_idx, header_->type_ids_size_, "handler type_idx")) {
    473         return false;
    474       }
    475 
    476       uint32_t addr = DecodeUnsignedLeb128(&ptr_);
    477       if (UNLIKELY(addr >= code_item->insns_size_in_code_units_)) {
    478         ErrorStringPrintf("Invalid handler addr: %x", addr);
    479         return false;
    480       }
    481     }
    482 
    483     if (catch_all) {
    484       uint32_t addr = DecodeUnsignedLeb128(&ptr_);
    485       if (UNLIKELY(addr >= code_item->insns_size_in_code_units_)) {
    486         ErrorStringPrintf("Invalid handler catch_all_addr: %x", addr);
    487         return false;
    488       }
    489     }
    490   }
    491 
    492   return true;
    493 }
    494 
    495 bool DexFileVerifier::CheckClassDataItemField(uint32_t idx,
    496                                               uint32_t access_flags,
    497                                               uint32_t class_access_flags,
    498                                               uint16_t class_type_index,
    499                                               bool expect_static) {
    500   // Check for overflow.
    501   if (!CheckIndex(idx, header_->field_ids_size_, "class_data_item field_idx")) {
    502     return false;
    503   }
    504 
    505   // Check that it's the right class.
    506   uint16_t my_class_index =
    507       (reinterpret_cast<const DexFile::FieldId*>(begin_ + header_->field_ids_off_) + idx)->
    508           class_idx_;
    509   if (class_type_index != my_class_index) {
    510     ErrorStringPrintf("Field's class index unexpected, %" PRIu16 "vs %" PRIu16,
    511                       my_class_index,
    512                       class_type_index);
    513     return false;
    514   }
    515 
    516   // Check that it falls into the right class-data list.
    517   bool is_static = (access_flags & kAccStatic) != 0;
    518   if (UNLIKELY(is_static != expect_static)) {
    519     ErrorStringPrintf("Static/instance field not in expected list");
    520     return false;
    521   }
    522 
    523   // Check field access flags.
    524   std::string error_msg;
    525   if (!CheckFieldAccessFlags(idx, access_flags, class_access_flags, &error_msg)) {
    526     ErrorStringPrintf("%s", error_msg.c_str());
    527     return false;
    528   }
    529 
    530   return true;
    531 }
    532 
    533 bool DexFileVerifier::CheckClassDataItemMethod(uint32_t idx,
    534                                                uint32_t access_flags,
    535                                                uint32_t class_access_flags,
    536                                                uint16_t class_type_index,
    537                                                uint32_t code_offset,
    538                                                std::unordered_set<uint32_t>* direct_method_indexes,
    539                                                bool expect_direct) {
    540   DCHECK(direct_method_indexes != nullptr);
    541   // Check for overflow.
    542   if (!CheckIndex(idx, header_->method_ids_size_, "class_data_item method_idx")) {
    543     return false;
    544   }
    545 
    546   // Check that it's the right class.
    547   uint16_t my_class_index =
    548       (reinterpret_cast<const DexFile::MethodId*>(begin_ + header_->method_ids_off_) + idx)->
    549           class_idx_;
    550   if (class_type_index != my_class_index) {
    551     ErrorStringPrintf("Method's class index unexpected, %" PRIu16 "vs %" PRIu16,
    552                       my_class_index,
    553                       class_type_index);
    554     return false;
    555   }
    556 
    557   // Check that it's not defined as both direct and virtual.
    558   if (expect_direct) {
    559     direct_method_indexes->insert(idx);
    560   } else if (direct_method_indexes->find(idx) != direct_method_indexes->end()) {
    561     ErrorStringPrintf("Found virtual method with same index as direct method: %d", idx);
    562     return false;
    563   }
    564 
    565   // Check method access flags.
    566   bool has_code = (code_offset != 0);
    567   std::string error_msg;
    568   if (!CheckMethodAccessFlags(idx,
    569                               access_flags,
    570                               class_access_flags,
    571                               has_code,
    572                               expect_direct,
    573                               &error_msg)) {
    574     ErrorStringPrintf("%s", error_msg.c_str());
    575     return false;
    576   }
    577 
    578   return true;
    579 }
    580 
    581 bool DexFileVerifier::CheckPadding(size_t offset, uint32_t aligned_offset) {
    582   if (offset < aligned_offset) {
    583     if (!CheckListSize(begin_ + offset, aligned_offset - offset, sizeof(uint8_t), "section")) {
    584       return false;
    585     }
    586     while (offset < aligned_offset) {
    587       if (UNLIKELY(*ptr_ != '\0')) {
    588         ErrorStringPrintf("Non-zero padding %x before section start at %zx", *ptr_, offset);
    589         return false;
    590       }
    591       ptr_++;
    592       offset++;
    593     }
    594   }
    595   return true;
    596 }
    597 
    598 bool DexFileVerifier::CheckEncodedValue() {
    599   if (!CheckListSize(ptr_, 1, sizeof(uint8_t), "encoded_value header")) {
    600     return false;
    601   }
    602 
    603   uint8_t header_byte = *(ptr_++);
    604   uint32_t value_type = header_byte & DexFile::kDexAnnotationValueTypeMask;
    605   uint32_t value_arg = header_byte >> DexFile::kDexAnnotationValueArgShift;
    606 
    607   switch (value_type) {
    608     case DexFile::kDexAnnotationByte:
    609       if (UNLIKELY(value_arg != 0)) {
    610         ErrorStringPrintf("Bad encoded_value byte size %x", value_arg);
    611         return false;
    612       }
    613       ptr_++;
    614       break;
    615     case DexFile::kDexAnnotationShort:
    616     case DexFile::kDexAnnotationChar:
    617       if (UNLIKELY(value_arg > 1)) {
    618         ErrorStringPrintf("Bad encoded_value char/short size %x", value_arg);
    619         return false;
    620       }
    621       ptr_ += value_arg + 1;
    622       break;
    623     case DexFile::kDexAnnotationInt:
    624     case DexFile::kDexAnnotationFloat:
    625       if (UNLIKELY(value_arg > 3)) {
    626         ErrorStringPrintf("Bad encoded_value int/float size %x", value_arg);
    627         return false;
    628       }
    629       ptr_ += value_arg + 1;
    630       break;
    631     case DexFile::kDexAnnotationLong:
    632     case DexFile::kDexAnnotationDouble:
    633       ptr_ += value_arg + 1;
    634       break;
    635     case DexFile::kDexAnnotationString: {
    636       if (UNLIKELY(value_arg > 3)) {
    637         ErrorStringPrintf("Bad encoded_value string size %x", value_arg);
    638         return false;
    639       }
    640       uint32_t idx = ReadUnsignedLittleEndian(value_arg + 1);
    641       if (!CheckIndex(idx, header_->string_ids_size_, "encoded_value string")) {
    642         return false;
    643       }
    644       break;
    645     }
    646     case DexFile::kDexAnnotationType: {
    647       if (UNLIKELY(value_arg > 3)) {
    648         ErrorStringPrintf("Bad encoded_value type size %x", value_arg);
    649         return false;
    650       }
    651       uint32_t idx = ReadUnsignedLittleEndian(value_arg + 1);
    652       if (!CheckIndex(idx, header_->type_ids_size_, "encoded_value type")) {
    653         return false;
    654       }
    655       break;
    656     }
    657     case DexFile::kDexAnnotationField:
    658     case DexFile::kDexAnnotationEnum: {
    659       if (UNLIKELY(value_arg > 3)) {
    660         ErrorStringPrintf("Bad encoded_value field/enum size %x", value_arg);
    661         return false;
    662       }
    663       uint32_t idx = ReadUnsignedLittleEndian(value_arg + 1);
    664       if (!CheckIndex(idx, header_->field_ids_size_, "encoded_value field")) {
    665         return false;
    666       }
    667       break;
    668     }
    669     case DexFile::kDexAnnotationMethod: {
    670       if (UNLIKELY(value_arg > 3)) {
    671         ErrorStringPrintf("Bad encoded_value method size %x", value_arg);
    672         return false;
    673       }
    674       uint32_t idx = ReadUnsignedLittleEndian(value_arg + 1);
    675       if (!CheckIndex(idx, header_->method_ids_size_, "encoded_value method")) {
    676         return false;
    677       }
    678       break;
    679     }
    680     case DexFile::kDexAnnotationArray:
    681       if (UNLIKELY(value_arg != 0)) {
    682         ErrorStringPrintf("Bad encoded_value array value_arg %x", value_arg);
    683         return false;
    684       }
    685       if (!CheckEncodedArray()) {
    686         return false;
    687       }
    688       break;
    689     case DexFile::kDexAnnotationAnnotation:
    690       if (UNLIKELY(value_arg != 0)) {
    691         ErrorStringPrintf("Bad encoded_value annotation value_arg %x", value_arg);
    692         return false;
    693       }
    694       if (!CheckEncodedAnnotation()) {
    695         return false;
    696       }
    697       break;
    698     case DexFile::kDexAnnotationNull:
    699       if (UNLIKELY(value_arg != 0)) {
    700         ErrorStringPrintf("Bad encoded_value null value_arg %x", value_arg);
    701         return false;
    702       }
    703       break;
    704     case DexFile::kDexAnnotationBoolean:
    705       if (UNLIKELY(value_arg > 1)) {
    706         ErrorStringPrintf("Bad encoded_value boolean size %x", value_arg);
    707         return false;
    708       }
    709       break;
    710     default:
    711       ErrorStringPrintf("Bogus encoded_value value_type %x", value_type);
    712       return false;
    713   }
    714 
    715   return true;
    716 }
    717 
    718 bool DexFileVerifier::CheckEncodedArray() {
    719   uint32_t size = DecodeUnsignedLeb128(&ptr_);
    720 
    721   while (size--) {
    722     if (!CheckEncodedValue()) {
    723       failure_reason_ = StringPrintf("Bad encoded_array value: %s", failure_reason_.c_str());
    724       return false;
    725     }
    726   }
    727   return true;
    728 }
    729 
    730 bool DexFileVerifier::CheckEncodedAnnotation() {
    731   uint32_t idx = DecodeUnsignedLeb128(&ptr_);
    732   if (!CheckIndex(idx, header_->type_ids_size_, "encoded_annotation type_idx")) {
    733     return false;
    734   }
    735 
    736   uint32_t size = DecodeUnsignedLeb128(&ptr_);
    737   uint32_t last_idx = 0;
    738 
    739   for (uint32_t i = 0; i < size; i++) {
    740     idx = DecodeUnsignedLeb128(&ptr_);
    741     if (!CheckIndex(idx, header_->string_ids_size_, "annotation_element name_idx")) {
    742       return false;
    743     }
    744 
    745     if (UNLIKELY(last_idx >= idx && i != 0)) {
    746       ErrorStringPrintf("Out-of-order annotation_element name_idx: %x then %x",
    747                         last_idx, idx);
    748       return false;
    749     }
    750 
    751     if (!CheckEncodedValue()) {
    752       return false;
    753     }
    754 
    755     last_idx = idx;
    756   }
    757   return true;
    758 }
    759 
    760 bool DexFileVerifier::FindClassFlags(uint32_t index,
    761                                      bool is_field,
    762                                      uint16_t* class_type_index,
    763                                      uint32_t* class_access_flags) {
    764   DCHECK(class_type_index != nullptr);
    765   DCHECK(class_access_flags != nullptr);
    766 
    767   // First check if the index is valid.
    768   if (index >= (is_field ? header_->field_ids_size_ : header_->method_ids_size_)) {
    769     return false;
    770   }
    771 
    772   // Next get the type index.
    773   if (is_field) {
    774     *class_type_index =
    775         (reinterpret_cast<const DexFile::FieldId*>(begin_ + header_->field_ids_off_) + index)->
    776             class_idx_;
    777   } else {
    778     *class_type_index =
    779         (reinterpret_cast<const DexFile::MethodId*>(begin_ + header_->method_ids_off_) + index)->
    780             class_idx_;
    781   }
    782 
    783   // Check if that is valid.
    784   if (*class_type_index >= header_->type_ids_size_) {
    785     return false;
    786   }
    787 
    788   // Now search for the class def. This is basically a specialized version of the DexFile code, as
    789   // we should not trust that this is a valid DexFile just yet.
    790   const DexFile::ClassDef* class_def_begin =
    791       reinterpret_cast<const DexFile::ClassDef*>(begin_ + header_->class_defs_off_);
    792   for (size_t i = 0; i < header_->class_defs_size_; ++i) {
    793     const DexFile::ClassDef* class_def = class_def_begin + i;
    794     if (class_def->class_idx_ == *class_type_index) {
    795       *class_access_flags = class_def->access_flags_;
    796       return true;
    797     }
    798   }
    799 
    800   // Didn't find the class-def, not defined here...
    801   return false;
    802 }
    803 
    804 bool DexFileVerifier::CheckOrderAndGetClassFlags(bool is_field,
    805                                                  const char* type_descr,
    806                                                  uint32_t curr_index,
    807                                                  uint32_t prev_index,
    808                                                  bool* have_class,
    809                                                  uint16_t* class_type_index,
    810                                                  uint32_t* class_access_flags) {
    811   if (curr_index < prev_index) {
    812     ErrorStringPrintf("out-of-order %s indexes %" PRIu32 " and %" PRIu32,
    813                       type_descr,
    814                       prev_index,
    815                       curr_index);
    816     return false;
    817   }
    818 
    819   if (!*have_class) {
    820     *have_class = FindClassFlags(curr_index, is_field, class_type_index, class_access_flags);
    821     if (!*have_class) {
    822       // Should have really found one.
    823       ErrorStringPrintf("could not find declaring class for %s index %" PRIu32,
    824                         type_descr,
    825                         curr_index);
    826       return false;
    827     }
    828   }
    829   return true;
    830 }
    831 
    832 template <bool kStatic>
    833 bool DexFileVerifier::CheckIntraClassDataItemFields(ClassDataItemIterator* it,
    834                                                     bool* have_class,
    835                                                     uint16_t* class_type_index,
    836                                                     uint32_t* class_access_flags) {
    837   DCHECK(it != nullptr);
    838   // These calls use the raw access flags to check whether the whole dex field is valid.
    839   uint32_t prev_index = 0;
    840   for (; kStatic ? it->HasNextStaticField() : it->HasNextInstanceField(); it->Next()) {
    841     uint32_t curr_index = it->GetMemberIndex();
    842     if (!CheckOrderAndGetClassFlags(true,
    843                                     kStatic ? "static field" : "instance field",
    844                                     curr_index,
    845                                     prev_index,
    846                                     have_class,
    847                                     class_type_index,
    848                                     class_access_flags)) {
    849       return false;
    850     }
    851     prev_index = curr_index;
    852 
    853     if (!CheckClassDataItemField(curr_index,
    854                                  it->GetRawMemberAccessFlags(),
    855                                  *class_access_flags,
    856                                  *class_type_index,
    857                                  kStatic)) {
    858       return false;
    859     }
    860   }
    861 
    862   return true;
    863 }
    864 
    865 template <bool kDirect>
    866 bool DexFileVerifier::CheckIntraClassDataItemMethods(
    867     ClassDataItemIterator* it,
    868     std::unordered_set<uint32_t>* direct_method_indexes,
    869     bool* have_class,
    870     uint16_t* class_type_index,
    871     uint32_t* class_access_flags) {
    872   uint32_t prev_index = 0;
    873   for (; kDirect ? it->HasNextDirectMethod() : it->HasNextVirtualMethod(); it->Next()) {
    874     uint32_t curr_index = it->GetMemberIndex();
    875     if (!CheckOrderAndGetClassFlags(false,
    876                                     kDirect ? "direct method" : "virtual method",
    877                                     curr_index,
    878                                     prev_index,
    879                                     have_class,
    880                                     class_type_index,
    881                                     class_access_flags)) {
    882       return false;
    883     }
    884     prev_index = curr_index;
    885 
    886     if (!CheckClassDataItemMethod(curr_index,
    887                                   it->GetRawMemberAccessFlags(),
    888                                   *class_access_flags,
    889                                   *class_type_index,
    890                                   it->GetMethodCodeItemOffset(),
    891                                   direct_method_indexes,
    892                                   kDirect)) {
    893       return false;
    894     }
    895   }
    896 
    897   return true;
    898 }
    899 
    900 bool DexFileVerifier::CheckIntraClassDataItem() {
    901   ClassDataItemIterator it(*dex_file_, ptr_);
    902   std::unordered_set<uint32_t> direct_method_indexes;
    903 
    904   // This code is complicated by the fact that we don't directly know which class this belongs to.
    905   // So we need to explicitly search with the first item we find (either field or method), and then,
    906   // as the lookup is expensive, cache the result.
    907   bool have_class = false;
    908   uint16_t class_type_index;
    909   uint32_t class_access_flags;
    910 
    911   // Check fields.
    912   if (!CheckIntraClassDataItemFields<true>(&it,
    913                                            &have_class,
    914                                            &class_type_index,
    915                                            &class_access_flags)) {
    916     return false;
    917   }
    918   if (!CheckIntraClassDataItemFields<false>(&it,
    919                                             &have_class,
    920                                             &class_type_index,
    921                                             &class_access_flags)) {
    922     return false;
    923   }
    924 
    925   // Check methods.
    926   if (!CheckIntraClassDataItemMethods<true>(&it,
    927                                             &direct_method_indexes,
    928                                             &have_class,
    929                                             &class_type_index,
    930                                             &class_access_flags)) {
    931     return false;
    932   }
    933   if (!CheckIntraClassDataItemMethods<false>(&it,
    934                                              &direct_method_indexes,
    935                                              &have_class,
    936                                              &class_type_index,
    937                                              &class_access_flags)) {
    938     return false;
    939   }
    940 
    941   ptr_ = it.EndDataPointer();
    942   return true;
    943 }
    944 
    945 bool DexFileVerifier::CheckIntraCodeItem() {
    946   const DexFile::CodeItem* code_item = reinterpret_cast<const DexFile::CodeItem*>(ptr_);
    947   if (!CheckListSize(code_item, 1, sizeof(DexFile::CodeItem), "code")) {
    948     return false;
    949   }
    950 
    951   if (UNLIKELY(code_item->ins_size_ > code_item->registers_size_)) {
    952     ErrorStringPrintf("ins_size (%ud) > registers_size (%ud)",
    953                       code_item->ins_size_, code_item->registers_size_);
    954     return false;
    955   }
    956 
    957   if (UNLIKELY((code_item->outs_size_ > 5) &&
    958                (code_item->outs_size_ > code_item->registers_size_))) {
    959     /*
    960      * outs_size can be up to 5, even if registers_size is smaller, since the
    961      * short forms of method invocation allow repetitions of a register multiple
    962      * times within a single parameter list. However, longer parameter lists
    963      * need to be represented in-order in the register file.
    964      */
    965     ErrorStringPrintf("outs_size (%ud) > registers_size (%ud)",
    966                       code_item->outs_size_, code_item->registers_size_);
    967     return false;
    968   }
    969 
    970   const uint16_t* insns = code_item->insns_;
    971   uint32_t insns_size = code_item->insns_size_in_code_units_;
    972   if (!CheckListSize(insns, insns_size, sizeof(uint16_t), "insns size")) {
    973     return false;
    974   }
    975 
    976   // Grab the end of the insns if there are no try_items.
    977   uint32_t try_items_size = code_item->tries_size_;
    978   if (try_items_size == 0) {
    979     ptr_ = reinterpret_cast<const uint8_t*>(&insns[insns_size]);
    980     return true;
    981   }
    982 
    983   // try_items are 4-byte aligned. Verify the spacer is 0.
    984   if (((reinterpret_cast<uintptr_t>(&insns[insns_size]) & 3) != 0) && (insns[insns_size] != 0)) {
    985     ErrorStringPrintf("Non-zero padding: %x", insns[insns_size]);
    986     return false;
    987   }
    988 
    989   const DexFile::TryItem* try_items = DexFile::GetTryItems(*code_item, 0);
    990   if (!CheckListSize(try_items, try_items_size, sizeof(DexFile::TryItem), "try_items size")) {
    991     return false;
    992   }
    993 
    994   ptr_ = DexFile::GetCatchHandlerData(*code_item, 0);
    995   uint32_t handlers_size = DecodeUnsignedLeb128(&ptr_);
    996 
    997   if (UNLIKELY((handlers_size == 0) || (handlers_size >= 65536))) {
    998     ErrorStringPrintf("Invalid handlers_size: %ud", handlers_size);
    999     return false;
   1000   }
   1001 
   1002   std::unique_ptr<uint32_t[]> handler_offsets(new uint32_t[handlers_size]);
   1003   if (!CheckAndGetHandlerOffsets(code_item, &handler_offsets[0], handlers_size)) {
   1004     return false;
   1005   }
   1006 
   1007   uint32_t last_addr = 0;
   1008   while (try_items_size--) {
   1009     if (UNLIKELY(try_items->start_addr_ < last_addr)) {
   1010       ErrorStringPrintf("Out-of_order try_item with start_addr: %x", try_items->start_addr_);
   1011       return false;
   1012     }
   1013 
   1014     if (UNLIKELY(try_items->start_addr_ >= insns_size)) {
   1015       ErrorStringPrintf("Invalid try_item start_addr: %x", try_items->start_addr_);
   1016       return false;
   1017     }
   1018 
   1019     uint32_t i;
   1020     for (i = 0; i < handlers_size; i++) {
   1021       if (try_items->handler_off_ == handler_offsets[i]) {
   1022         break;
   1023       }
   1024     }
   1025 
   1026     if (UNLIKELY(i == handlers_size)) {
   1027       ErrorStringPrintf("Bogus handler offset: %x", try_items->handler_off_);
   1028       return false;
   1029     }
   1030 
   1031     last_addr = try_items->start_addr_ + try_items->insn_count_;
   1032     if (UNLIKELY(last_addr > insns_size)) {
   1033       ErrorStringPrintf("Invalid try_item insn_count: %x", try_items->insn_count_);
   1034       return false;
   1035     }
   1036 
   1037     try_items++;
   1038   }
   1039 
   1040   return true;
   1041 }
   1042 
   1043 bool DexFileVerifier::CheckIntraStringDataItem() {
   1044   uint32_t size = DecodeUnsignedLeb128(&ptr_);
   1045   const uint8_t* file_end = begin_ + size_;
   1046 
   1047   for (uint32_t i = 0; i < size; i++) {
   1048     CHECK_LT(i, size);  // b/15014252 Prevents hitting the impossible case below
   1049     if (UNLIKELY(ptr_ >= file_end)) {
   1050       ErrorStringPrintf("String data would go beyond end-of-file");
   1051       return false;
   1052     }
   1053 
   1054     uint8_t byte = *(ptr_++);
   1055 
   1056     // Switch on the high 4 bits.
   1057     switch (byte >> 4) {
   1058       case 0x00:
   1059         // Special case of bit pattern 0xxx.
   1060         if (UNLIKELY(byte == 0)) {
   1061           CHECK_LT(i, size);  // b/15014252 Actually hit this impossible case with clang
   1062           ErrorStringPrintf("String data shorter than indicated utf16_size %x", size);
   1063           return false;
   1064         }
   1065         break;
   1066       case 0x01:
   1067       case 0x02:
   1068       case 0x03:
   1069       case 0x04:
   1070       case 0x05:
   1071       case 0x06:
   1072       case 0x07:
   1073         // No extra checks necessary for bit pattern 0xxx.
   1074         break;
   1075       case 0x08:
   1076       case 0x09:
   1077       case 0x0a:
   1078       case 0x0b:
   1079       case 0x0f:
   1080         // Illegal bit patterns 10xx or 1111.
   1081         // Note: 1111 is valid for normal UTF-8, but not here.
   1082         ErrorStringPrintf("Illegal start byte %x in string data", byte);
   1083         return false;
   1084       case 0x0c:
   1085       case 0x0d: {
   1086         // Bit pattern 110x has an additional byte.
   1087         uint8_t byte2 = *(ptr_++);
   1088         if (UNLIKELY((byte2 & 0xc0) != 0x80)) {
   1089           ErrorStringPrintf("Illegal continuation byte %x in string data", byte2);
   1090           return false;
   1091         }
   1092         uint16_t value = ((byte & 0x1f) << 6) | (byte2 & 0x3f);
   1093         if (UNLIKELY((value != 0) && (value < 0x80))) {
   1094           ErrorStringPrintf("Illegal representation for value %x in string data", value);
   1095           return false;
   1096         }
   1097         break;
   1098       }
   1099       case 0x0e: {
   1100         // Bit pattern 1110 has 2 additional bytes.
   1101         uint8_t byte2 = *(ptr_++);
   1102         if (UNLIKELY((byte2 & 0xc0) != 0x80)) {
   1103           ErrorStringPrintf("Illegal continuation byte %x in string data", byte2);
   1104           return false;
   1105         }
   1106         uint8_t byte3 = *(ptr_++);
   1107         if (UNLIKELY((byte3 & 0xc0) != 0x80)) {
   1108           ErrorStringPrintf("Illegal continuation byte %x in string data", byte3);
   1109           return false;
   1110         }
   1111         uint16_t value = ((byte & 0x0f) << 12) | ((byte2 & 0x3f) << 6) | (byte3 & 0x3f);
   1112         if (UNLIKELY(value < 0x800)) {
   1113           ErrorStringPrintf("Illegal representation for value %x in string data", value);
   1114           return false;
   1115         }
   1116         break;
   1117       }
   1118     }
   1119   }
   1120 
   1121   if (UNLIKELY(*(ptr_++) != '\0')) {
   1122     ErrorStringPrintf("String longer than indicated size %x", size);
   1123     return false;
   1124   }
   1125 
   1126   return true;
   1127 }
   1128 
   1129 bool DexFileVerifier::CheckIntraDebugInfoItem() {
   1130   DecodeUnsignedLeb128(&ptr_);
   1131   uint32_t parameters_size = DecodeUnsignedLeb128(&ptr_);
   1132   if (UNLIKELY(parameters_size > 65536)) {
   1133     ErrorStringPrintf("Invalid parameters_size: %x", parameters_size);
   1134     return false;
   1135   }
   1136 
   1137   for (uint32_t j = 0; j < parameters_size; j++) {
   1138     uint32_t parameter_name = DecodeUnsignedLeb128(&ptr_);
   1139     if (parameter_name != 0) {
   1140       parameter_name--;
   1141       if (!CheckIndex(parameter_name, header_->string_ids_size_, "debug_info_item parameter_name")) {
   1142         return false;
   1143       }
   1144     }
   1145   }
   1146 
   1147   while (true) {
   1148     uint8_t opcode = *(ptr_++);
   1149     switch (opcode) {
   1150       case DexFile::DBG_END_SEQUENCE: {
   1151         return true;
   1152       }
   1153       case DexFile::DBG_ADVANCE_PC: {
   1154         DecodeUnsignedLeb128(&ptr_);
   1155         break;
   1156       }
   1157       case DexFile::DBG_ADVANCE_LINE: {
   1158         DecodeSignedLeb128(&ptr_);
   1159         break;
   1160       }
   1161       case DexFile::DBG_START_LOCAL: {
   1162         uint32_t reg_num = DecodeUnsignedLeb128(&ptr_);
   1163         if (UNLIKELY(reg_num >= 65536)) {
   1164           ErrorStringPrintf("Bad reg_num for opcode %x", opcode);
   1165           return false;
   1166         }
   1167         uint32_t name_idx = DecodeUnsignedLeb128(&ptr_);
   1168         if (name_idx != 0) {
   1169           name_idx--;
   1170           if (!CheckIndex(name_idx, header_->string_ids_size_, "DBG_START_LOCAL name_idx")) {
   1171             return false;
   1172           }
   1173         }
   1174         uint32_t type_idx = DecodeUnsignedLeb128(&ptr_);
   1175         if (type_idx != 0) {
   1176           type_idx--;
   1177           if (!CheckIndex(type_idx, header_->type_ids_size_, "DBG_START_LOCAL type_idx")) {
   1178             return false;
   1179           }
   1180         }
   1181         break;
   1182       }
   1183       case DexFile::DBG_END_LOCAL:
   1184       case DexFile::DBG_RESTART_LOCAL: {
   1185         uint32_t reg_num = DecodeUnsignedLeb128(&ptr_);
   1186         if (UNLIKELY(reg_num >= 65536)) {
   1187           ErrorStringPrintf("Bad reg_num for opcode %x", opcode);
   1188           return false;
   1189         }
   1190         break;
   1191       }
   1192       case DexFile::DBG_START_LOCAL_EXTENDED: {
   1193         uint32_t reg_num = DecodeUnsignedLeb128(&ptr_);
   1194         if (UNLIKELY(reg_num >= 65536)) {
   1195           ErrorStringPrintf("Bad reg_num for opcode %x", opcode);
   1196           return false;
   1197         }
   1198         uint32_t name_idx = DecodeUnsignedLeb128(&ptr_);
   1199         if (name_idx != 0) {
   1200           name_idx--;
   1201           if (!CheckIndex(name_idx, header_->string_ids_size_, "DBG_START_LOCAL_EXTENDED name_idx")) {
   1202             return false;
   1203           }
   1204         }
   1205         uint32_t type_idx = DecodeUnsignedLeb128(&ptr_);
   1206         if (type_idx != 0) {
   1207           type_idx--;
   1208           if (!CheckIndex(type_idx, header_->type_ids_size_, "DBG_START_LOCAL_EXTENDED type_idx")) {
   1209             return false;
   1210           }
   1211         }
   1212         uint32_t sig_idx = DecodeUnsignedLeb128(&ptr_);
   1213         if (sig_idx != 0) {
   1214           sig_idx--;
   1215           if (!CheckIndex(sig_idx, header_->string_ids_size_, "DBG_START_LOCAL_EXTENDED sig_idx")) {
   1216             return false;
   1217           }
   1218         }
   1219         break;
   1220       }
   1221       case DexFile::DBG_SET_FILE: {
   1222         uint32_t name_idx = DecodeUnsignedLeb128(&ptr_);
   1223         if (name_idx != 0) {
   1224           name_idx--;
   1225           if (!CheckIndex(name_idx, header_->string_ids_size_, "DBG_SET_FILE name_idx")) {
   1226             return false;
   1227           }
   1228         }
   1229         break;
   1230       }
   1231     }
   1232   }
   1233 }
   1234 
   1235 bool DexFileVerifier::CheckIntraAnnotationItem() {
   1236   if (!CheckListSize(ptr_, 1, sizeof(uint8_t), "annotation visibility")) {
   1237     return false;
   1238   }
   1239 
   1240   // Check visibility
   1241   switch (*(ptr_++)) {
   1242     case DexFile::kDexVisibilityBuild:
   1243     case DexFile::kDexVisibilityRuntime:
   1244     case DexFile::kDexVisibilitySystem:
   1245       break;
   1246     default:
   1247       ErrorStringPrintf("Bad annotation visibility: %x", *ptr_);
   1248       return false;
   1249   }
   1250 
   1251   if (!CheckEncodedAnnotation()) {
   1252     return false;
   1253   }
   1254 
   1255   return true;
   1256 }
   1257 
   1258 bool DexFileVerifier::CheckIntraAnnotationsDirectoryItem() {
   1259   const DexFile::AnnotationsDirectoryItem* item =
   1260       reinterpret_cast<const DexFile::AnnotationsDirectoryItem*>(ptr_);
   1261   if (!CheckListSize(item, 1, sizeof(DexFile::AnnotationsDirectoryItem), "annotations_directory")) {
   1262     return false;
   1263   }
   1264 
   1265   // Field annotations follow immediately after the annotations directory.
   1266   const DexFile::FieldAnnotationsItem* field_item =
   1267       reinterpret_cast<const DexFile::FieldAnnotationsItem*>(item + 1);
   1268   uint32_t field_count = item->fields_size_;
   1269   if (!CheckListSize(field_item, field_count, sizeof(DexFile::FieldAnnotationsItem), "field_annotations list")) {
   1270     return false;
   1271   }
   1272 
   1273   uint32_t last_idx = 0;
   1274   for (uint32_t i = 0; i < field_count; i++) {
   1275     if (UNLIKELY(last_idx >= field_item->field_idx_ && i != 0)) {
   1276       ErrorStringPrintf("Out-of-order field_idx for annotation: %x then %x", last_idx, field_item->field_idx_);
   1277       return false;
   1278     }
   1279     last_idx = field_item->field_idx_;
   1280     field_item++;
   1281   }
   1282 
   1283   // Method annotations follow immediately after field annotations.
   1284   const DexFile::MethodAnnotationsItem* method_item =
   1285       reinterpret_cast<const DexFile::MethodAnnotationsItem*>(field_item);
   1286   uint32_t method_count = item->methods_size_;
   1287   if (!CheckListSize(method_item, method_count, sizeof(DexFile::MethodAnnotationsItem), "method_annotations list")) {
   1288     return false;
   1289   }
   1290 
   1291   last_idx = 0;
   1292   for (uint32_t i = 0; i < method_count; i++) {
   1293     if (UNLIKELY(last_idx >= method_item->method_idx_ && i != 0)) {
   1294       ErrorStringPrintf("Out-of-order method_idx for annotation: %x then %x",
   1295                        last_idx, method_item->method_idx_);
   1296       return false;
   1297     }
   1298     last_idx = method_item->method_idx_;
   1299     method_item++;
   1300   }
   1301 
   1302   // Parameter annotations follow immediately after method annotations.
   1303   const DexFile::ParameterAnnotationsItem* parameter_item =
   1304       reinterpret_cast<const DexFile::ParameterAnnotationsItem*>(method_item);
   1305   uint32_t parameter_count = item->parameters_size_;
   1306   if (!CheckListSize(parameter_item, parameter_count, sizeof(DexFile::ParameterAnnotationsItem),
   1307                      "parameter_annotations list")) {
   1308     return false;
   1309   }
   1310 
   1311   last_idx = 0;
   1312   for (uint32_t i = 0; i < parameter_count; i++) {
   1313     if (UNLIKELY(last_idx >= parameter_item->method_idx_ && i != 0)) {
   1314       ErrorStringPrintf("Out-of-order method_idx for annotation: %x then %x",
   1315                         last_idx, parameter_item->method_idx_);
   1316       return false;
   1317     }
   1318     last_idx = parameter_item->method_idx_;
   1319     parameter_item++;
   1320   }
   1321 
   1322   // Return a pointer to the end of the annotations.
   1323   ptr_ = reinterpret_cast<const uint8_t*>(parameter_item);
   1324   return true;
   1325 }
   1326 
   1327 bool DexFileVerifier::CheckIntraSectionIterate(size_t offset, uint32_t section_count,
   1328                                                uint16_t type) {
   1329   // Get the right alignment mask for the type of section.
   1330   size_t alignment_mask;
   1331   switch (type) {
   1332     case DexFile::kDexTypeClassDataItem:
   1333     case DexFile::kDexTypeStringDataItem:
   1334     case DexFile::kDexTypeDebugInfoItem:
   1335     case DexFile::kDexTypeAnnotationItem:
   1336     case DexFile::kDexTypeEncodedArrayItem:
   1337       alignment_mask = sizeof(uint8_t) - 1;
   1338       break;
   1339     default:
   1340       alignment_mask = sizeof(uint32_t) - 1;
   1341       break;
   1342   }
   1343 
   1344   // Iterate through the items in the section.
   1345   for (uint32_t i = 0; i < section_count; i++) {
   1346     size_t aligned_offset = (offset + alignment_mask) & ~alignment_mask;
   1347 
   1348     // Check the padding between items.
   1349     if (!CheckPadding(offset, aligned_offset)) {
   1350       return false;
   1351     }
   1352 
   1353     // Check depending on the section type.
   1354     switch (type) {
   1355       case DexFile::kDexTypeStringIdItem: {
   1356         if (!CheckListSize(ptr_, 1, sizeof(DexFile::StringId), "string_ids")) {
   1357           return false;
   1358         }
   1359         ptr_ += sizeof(DexFile::StringId);
   1360         break;
   1361       }
   1362       case DexFile::kDexTypeTypeIdItem: {
   1363         if (!CheckListSize(ptr_, 1, sizeof(DexFile::TypeId), "type_ids")) {
   1364           return false;
   1365         }
   1366         ptr_ += sizeof(DexFile::TypeId);
   1367         break;
   1368       }
   1369       case DexFile::kDexTypeProtoIdItem: {
   1370         if (!CheckListSize(ptr_, 1, sizeof(DexFile::ProtoId), "proto_ids")) {
   1371           return false;
   1372         }
   1373         ptr_ += sizeof(DexFile::ProtoId);
   1374         break;
   1375       }
   1376       case DexFile::kDexTypeFieldIdItem: {
   1377         if (!CheckListSize(ptr_, 1, sizeof(DexFile::FieldId), "field_ids")) {
   1378           return false;
   1379         }
   1380         ptr_ += sizeof(DexFile::FieldId);
   1381         break;
   1382       }
   1383       case DexFile::kDexTypeMethodIdItem: {
   1384         if (!CheckListSize(ptr_, 1, sizeof(DexFile::MethodId), "method_ids")) {
   1385           return false;
   1386         }
   1387         ptr_ += sizeof(DexFile::MethodId);
   1388         break;
   1389       }
   1390       case DexFile::kDexTypeClassDefItem: {
   1391         if (!CheckListSize(ptr_, 1, sizeof(DexFile::ClassDef), "class_defs")) {
   1392           return false;
   1393         }
   1394         ptr_ += sizeof(DexFile::ClassDef);
   1395         break;
   1396       }
   1397       case DexFile::kDexTypeTypeList: {
   1398         if (!CheckList(sizeof(DexFile::TypeItem), "type_list", &ptr_)) {
   1399           return false;
   1400         }
   1401         break;
   1402       }
   1403       case DexFile::kDexTypeAnnotationSetRefList: {
   1404         if (!CheckList(sizeof(DexFile::AnnotationSetRefItem), "annotation_set_ref_list", &ptr_)) {
   1405           return false;
   1406         }
   1407         break;
   1408       }
   1409       case DexFile::kDexTypeAnnotationSetItem: {
   1410         if (!CheckList(sizeof(uint32_t), "annotation_set_item", &ptr_)) {
   1411           return false;
   1412         }
   1413         break;
   1414       }
   1415       case DexFile::kDexTypeClassDataItem: {
   1416         if (!CheckIntraClassDataItem()) {
   1417           return false;
   1418         }
   1419         break;
   1420       }
   1421       case DexFile::kDexTypeCodeItem: {
   1422         if (!CheckIntraCodeItem()) {
   1423           return false;
   1424         }
   1425         break;
   1426       }
   1427       case DexFile::kDexTypeStringDataItem: {
   1428         if (!CheckIntraStringDataItem()) {
   1429           return false;
   1430         }
   1431         break;
   1432       }
   1433       case DexFile::kDexTypeDebugInfoItem: {
   1434         if (!CheckIntraDebugInfoItem()) {
   1435           return false;
   1436         }
   1437         break;
   1438       }
   1439       case DexFile::kDexTypeAnnotationItem: {
   1440         if (!CheckIntraAnnotationItem()) {
   1441           return false;
   1442         }
   1443         break;
   1444       }
   1445       case DexFile::kDexTypeEncodedArrayItem: {
   1446         if (!CheckEncodedArray()) {
   1447           return false;
   1448         }
   1449         break;
   1450       }
   1451       case DexFile::kDexTypeAnnotationsDirectoryItem: {
   1452         if (!CheckIntraAnnotationsDirectoryItem()) {
   1453           return false;
   1454         }
   1455         break;
   1456       }
   1457       default:
   1458         ErrorStringPrintf("Unknown map item type %x", type);
   1459         return false;
   1460     }
   1461 
   1462     if (IsDataSectionType(type)) {
   1463       if (aligned_offset == 0u) {
   1464         ErrorStringPrintf("Item %d offset is 0", i);
   1465         return false;
   1466       }
   1467       DCHECK(offset_to_type_map_.Find(aligned_offset) == offset_to_type_map_.end());
   1468       offset_to_type_map_.Insert(std::pair<uint32_t, uint16_t>(aligned_offset, type));
   1469     }
   1470 
   1471     aligned_offset = ptr_ - begin_;
   1472     if (UNLIKELY(aligned_offset > size_)) {
   1473       ErrorStringPrintf("Item %d at ends out of bounds", i);
   1474       return false;
   1475     }
   1476 
   1477     offset = aligned_offset;
   1478   }
   1479 
   1480   return true;
   1481 }
   1482 
   1483 bool DexFileVerifier::CheckIntraIdSection(size_t offset, uint32_t count, uint16_t type) {
   1484   uint32_t expected_offset;
   1485   uint32_t expected_size;
   1486 
   1487   // Get the expected offset and size from the header.
   1488   switch (type) {
   1489     case DexFile::kDexTypeStringIdItem:
   1490       expected_offset = header_->string_ids_off_;
   1491       expected_size = header_->string_ids_size_;
   1492       break;
   1493     case DexFile::kDexTypeTypeIdItem:
   1494       expected_offset = header_->type_ids_off_;
   1495       expected_size = header_->type_ids_size_;
   1496       break;
   1497     case DexFile::kDexTypeProtoIdItem:
   1498       expected_offset = header_->proto_ids_off_;
   1499       expected_size = header_->proto_ids_size_;
   1500       break;
   1501     case DexFile::kDexTypeFieldIdItem:
   1502       expected_offset = header_->field_ids_off_;
   1503       expected_size = header_->field_ids_size_;
   1504       break;
   1505     case DexFile::kDexTypeMethodIdItem:
   1506       expected_offset = header_->method_ids_off_;
   1507       expected_size = header_->method_ids_size_;
   1508       break;
   1509     case DexFile::kDexTypeClassDefItem:
   1510       expected_offset = header_->class_defs_off_;
   1511       expected_size = header_->class_defs_size_;
   1512       break;
   1513     default:
   1514       ErrorStringPrintf("Bad type for id section: %x", type);
   1515       return false;
   1516   }
   1517 
   1518   // Check that the offset and size are what were expected from the header.
   1519   if (UNLIKELY(offset != expected_offset)) {
   1520     ErrorStringPrintf("Bad offset for section: got %zx, expected %x", offset, expected_offset);
   1521     return false;
   1522   }
   1523   if (UNLIKELY(count != expected_size)) {
   1524     ErrorStringPrintf("Bad size for section: got %x, expected %x", count, expected_size);
   1525     return false;
   1526   }
   1527 
   1528   return CheckIntraSectionIterate(offset, count, type);
   1529 }
   1530 
   1531 bool DexFileVerifier::CheckIntraDataSection(size_t offset, uint32_t count, uint16_t type) {
   1532   size_t data_start = header_->data_off_;
   1533   size_t data_end = data_start + header_->data_size_;
   1534 
   1535   // Sanity check the offset of the section.
   1536   if (UNLIKELY((offset < data_start) || (offset > data_end))) {
   1537     ErrorStringPrintf("Bad offset for data subsection: %zx", offset);
   1538     return false;
   1539   }
   1540 
   1541   if (!CheckIntraSectionIterate(offset, count, type)) {
   1542     return false;
   1543   }
   1544 
   1545   size_t next_offset = ptr_ - begin_;
   1546   if (next_offset > data_end) {
   1547     ErrorStringPrintf("Out-of-bounds end of data subsection: %zx", next_offset);
   1548     return false;
   1549   }
   1550 
   1551   return true;
   1552 }
   1553 
   1554 bool DexFileVerifier::CheckIntraSection() {
   1555   const DexFile::MapList* map = reinterpret_cast<const DexFile::MapList*>(begin_ + header_->map_off_);
   1556   const DexFile::MapItem* item = map->list_;
   1557 
   1558   uint32_t count = map->size_;
   1559   size_t offset = 0;
   1560   ptr_ = begin_;
   1561 
   1562   // Check the items listed in the map.
   1563   while (count--) {
   1564     uint32_t section_offset = item->offset_;
   1565     uint32_t section_count = item->size_;
   1566     uint16_t type = item->type_;
   1567 
   1568     // Check for padding and overlap between items.
   1569     if (!CheckPadding(offset, section_offset)) {
   1570       return false;
   1571     } else if (UNLIKELY(offset > section_offset)) {
   1572       ErrorStringPrintf("Section overlap or out-of-order map: %zx, %x", offset, section_offset);
   1573       return false;
   1574     }
   1575 
   1576     // Check each item based on its type.
   1577     switch (type) {
   1578       case DexFile::kDexTypeHeaderItem:
   1579         if (UNLIKELY(section_count != 1)) {
   1580           ErrorStringPrintf("Multiple header items");
   1581           return false;
   1582         }
   1583         if (UNLIKELY(section_offset != 0)) {
   1584           ErrorStringPrintf("Header at %x, not at start of file", section_offset);
   1585           return false;
   1586         }
   1587         ptr_ = begin_ + header_->header_size_;
   1588         offset = header_->header_size_;
   1589         break;
   1590       case DexFile::kDexTypeStringIdItem:
   1591       case DexFile::kDexTypeTypeIdItem:
   1592       case DexFile::kDexTypeProtoIdItem:
   1593       case DexFile::kDexTypeFieldIdItem:
   1594       case DexFile::kDexTypeMethodIdItem:
   1595       case DexFile::kDexTypeClassDefItem:
   1596         if (!CheckIntraIdSection(section_offset, section_count, type)) {
   1597           return false;
   1598         }
   1599         offset = ptr_ - begin_;
   1600         break;
   1601       case DexFile::kDexTypeMapList:
   1602         if (UNLIKELY(section_count != 1)) {
   1603           ErrorStringPrintf("Multiple map list items");
   1604           return false;
   1605         }
   1606         if (UNLIKELY(section_offset != header_->map_off_)) {
   1607           ErrorStringPrintf("Map not at header-defined offset: %x, expected %x",
   1608                             section_offset, header_->map_off_);
   1609           return false;
   1610         }
   1611         ptr_ += sizeof(uint32_t) + (map->size_ * sizeof(DexFile::MapItem));
   1612         offset = section_offset + sizeof(uint32_t) + (map->size_ * sizeof(DexFile::MapItem));
   1613         break;
   1614       case DexFile::kDexTypeTypeList:
   1615       case DexFile::kDexTypeAnnotationSetRefList:
   1616       case DexFile::kDexTypeAnnotationSetItem:
   1617       case DexFile::kDexTypeClassDataItem:
   1618       case DexFile::kDexTypeCodeItem:
   1619       case DexFile::kDexTypeStringDataItem:
   1620       case DexFile::kDexTypeDebugInfoItem:
   1621       case DexFile::kDexTypeAnnotationItem:
   1622       case DexFile::kDexTypeEncodedArrayItem:
   1623       case DexFile::kDexTypeAnnotationsDirectoryItem:
   1624         if (!CheckIntraDataSection(section_offset, section_count, type)) {
   1625           return false;
   1626         }
   1627         offset = ptr_ - begin_;
   1628         break;
   1629       default:
   1630         ErrorStringPrintf("Unknown map item type %x", type);
   1631         return false;
   1632     }
   1633 
   1634     item++;
   1635   }
   1636 
   1637   return true;
   1638 }
   1639 
   1640 bool DexFileVerifier::CheckOffsetToTypeMap(size_t offset, uint16_t type) {
   1641   DCHECK_NE(offset, 0u);
   1642   auto it = offset_to_type_map_.Find(offset);
   1643   if (UNLIKELY(it == offset_to_type_map_.end())) {
   1644     ErrorStringPrintf("No data map entry found @ %zx; expected %x", offset, type);
   1645     return false;
   1646   }
   1647   if (UNLIKELY(it->second != type)) {
   1648     ErrorStringPrintf("Unexpected data map entry @ %zx; expected %x, found %x",
   1649                       offset, type, it->second);
   1650     return false;
   1651   }
   1652   return true;
   1653 }
   1654 
   1655 uint16_t DexFileVerifier::FindFirstClassDataDefiner(const uint8_t* ptr, bool* success) {
   1656   ClassDataItemIterator it(*dex_file_, ptr);
   1657   *success = true;
   1658 
   1659   if (it.HasNextStaticField() || it.HasNextInstanceField()) {
   1660     LOAD_FIELD(field, it.GetMemberIndex(), "first_class_data_definer field_id",
   1661                *success = false; return DexFile::kDexNoIndex16)
   1662     return field->class_idx_;
   1663   }
   1664 
   1665   if (it.HasNextDirectMethod() || it.HasNextVirtualMethod()) {
   1666     LOAD_METHOD(method, it.GetMemberIndex(), "first_class_data_definer method_id",
   1667                 *success = false; return DexFile::kDexNoIndex16)
   1668     return method->class_idx_;
   1669   }
   1670 
   1671   return DexFile::kDexNoIndex16;
   1672 }
   1673 
   1674 uint16_t DexFileVerifier::FindFirstAnnotationsDirectoryDefiner(const uint8_t* ptr, bool* success) {
   1675   const DexFile::AnnotationsDirectoryItem* item =
   1676       reinterpret_cast<const DexFile::AnnotationsDirectoryItem*>(ptr);
   1677   *success = true;
   1678 
   1679   if (item->fields_size_ != 0) {
   1680     DexFile::FieldAnnotationsItem* field_items = (DexFile::FieldAnnotationsItem*) (item + 1);
   1681     LOAD_FIELD(field, field_items[0].field_idx_, "first_annotations_dir_definer field_id",
   1682                *success = false; return DexFile::kDexNoIndex16)
   1683     return field->class_idx_;
   1684   }
   1685 
   1686   if (item->methods_size_ != 0) {
   1687     DexFile::MethodAnnotationsItem* method_items = (DexFile::MethodAnnotationsItem*) (item + 1);
   1688     LOAD_METHOD(method, method_items[0].method_idx_, "first_annotations_dir_definer method id",
   1689                 *success = false; return DexFile::kDexNoIndex16)
   1690     return method->class_idx_;
   1691   }
   1692 
   1693   if (item->parameters_size_ != 0) {
   1694     DexFile::ParameterAnnotationsItem* parameter_items = (DexFile::ParameterAnnotationsItem*) (item + 1);
   1695     LOAD_METHOD(method, parameter_items[0].method_idx_, "first_annotations_dir_definer method id",
   1696                 *success = false; return DexFile::kDexNoIndex16)
   1697     return method->class_idx_;
   1698   }
   1699 
   1700   return DexFile::kDexNoIndex16;
   1701 }
   1702 
   1703 bool DexFileVerifier::CheckInterStringIdItem() {
   1704   const DexFile::StringId* item = reinterpret_cast<const DexFile::StringId*>(ptr_);
   1705 
   1706   // Check the map to make sure it has the right offset->type.
   1707   if (!CheckOffsetToTypeMap(item->string_data_off_, DexFile::kDexTypeStringDataItem)) {
   1708     return false;
   1709   }
   1710 
   1711   // Check ordering between items.
   1712   if (previous_item_ != nullptr) {
   1713     const DexFile::StringId* prev_item = reinterpret_cast<const DexFile::StringId*>(previous_item_);
   1714     const char* prev_str = dex_file_->GetStringData(*prev_item);
   1715     const char* str = dex_file_->GetStringData(*item);
   1716     if (UNLIKELY(CompareModifiedUtf8ToModifiedUtf8AsUtf16CodePointValues(prev_str, str) >= 0)) {
   1717       ErrorStringPrintf("Out-of-order string_ids: '%s' then '%s'", prev_str, str);
   1718       return false;
   1719     }
   1720   }
   1721 
   1722   ptr_ += sizeof(DexFile::StringId);
   1723   return true;
   1724 }
   1725 
   1726 bool DexFileVerifier::CheckInterTypeIdItem() {
   1727   const DexFile::TypeId* item = reinterpret_cast<const DexFile::TypeId*>(ptr_);
   1728 
   1729   LOAD_STRING(descriptor, item->descriptor_idx_, "inter_type_id_item descriptor_idx")
   1730 
   1731   // Check that the descriptor is a valid type.
   1732   if (UNLIKELY(!IsValidDescriptor(descriptor))) {
   1733     ErrorStringPrintf("Invalid type descriptor: '%s'", descriptor);
   1734     return false;
   1735   }
   1736 
   1737   // Check ordering between items.
   1738   if (previous_item_ != nullptr) {
   1739     const DexFile::TypeId* prev_item = reinterpret_cast<const DexFile::TypeId*>(previous_item_);
   1740     if (UNLIKELY(prev_item->descriptor_idx_ >= item->descriptor_idx_)) {
   1741       ErrorStringPrintf("Out-of-order type_ids: %x then %x",
   1742                         prev_item->descriptor_idx_, item->descriptor_idx_);
   1743       return false;
   1744     }
   1745   }
   1746 
   1747   ptr_ += sizeof(DexFile::TypeId);
   1748   return true;
   1749 }
   1750 
   1751 bool DexFileVerifier::CheckInterProtoIdItem() {
   1752   const DexFile::ProtoId* item = reinterpret_cast<const DexFile::ProtoId*>(ptr_);
   1753 
   1754   LOAD_STRING(shorty, item->shorty_idx_, "inter_proto_id_item shorty_idx")
   1755 
   1756   if (item->parameters_off_ != 0 &&
   1757       !CheckOffsetToTypeMap(item->parameters_off_, DexFile::kDexTypeTypeList)) {
   1758     return false;
   1759   }
   1760 
   1761   // Check the return type and advance the shorty.
   1762   LOAD_STRING_BY_TYPE(return_type, item->return_type_idx_, "inter_proto_id_item return_type_idx")
   1763   if (!CheckShortyDescriptorMatch(*shorty, return_type, true)) {
   1764     return false;
   1765   }
   1766   shorty++;
   1767 
   1768   DexFileParameterIterator it(*dex_file_, *item);
   1769   while (it.HasNext() && *shorty != '\0') {
   1770     if (!CheckIndex(it.GetTypeIdx(), dex_file_->NumTypeIds(),
   1771                     "inter_proto_id_item shorty type_idx")) {
   1772       return false;
   1773     }
   1774     const char* descriptor = it.GetDescriptor();
   1775     if (!CheckShortyDescriptorMatch(*shorty, descriptor, false)) {
   1776       return false;
   1777     }
   1778     it.Next();
   1779     shorty++;
   1780   }
   1781   if (UNLIKELY(it.HasNext() || *shorty != '\0')) {
   1782     ErrorStringPrintf("Mismatched length for parameters and shorty");
   1783     return false;
   1784   }
   1785 
   1786   // Check ordering between items. This relies on type_ids being in order.
   1787   if (previous_item_ != nullptr) {
   1788     const DexFile::ProtoId* prev = reinterpret_cast<const DexFile::ProtoId*>(previous_item_);
   1789     if (UNLIKELY(prev->return_type_idx_ > item->return_type_idx_)) {
   1790       ErrorStringPrintf("Out-of-order proto_id return types");
   1791       return false;
   1792     } else if (prev->return_type_idx_ == item->return_type_idx_) {
   1793       DexFileParameterIterator curr_it(*dex_file_, *item);
   1794       DexFileParameterIterator prev_it(*dex_file_, *prev);
   1795 
   1796       while (curr_it.HasNext() && prev_it.HasNext()) {
   1797         uint16_t prev_idx = prev_it.GetTypeIdx();
   1798         uint16_t curr_idx = curr_it.GetTypeIdx();
   1799         DCHECK_NE(prev_idx, DexFile::kDexNoIndex16);
   1800         DCHECK_NE(curr_idx, DexFile::kDexNoIndex16);
   1801 
   1802         if (prev_idx < curr_idx) {
   1803           break;
   1804         } else if (UNLIKELY(prev_idx > curr_idx)) {
   1805           ErrorStringPrintf("Out-of-order proto_id arguments");
   1806           return false;
   1807         }
   1808 
   1809         prev_it.Next();
   1810         curr_it.Next();
   1811       }
   1812       if (!curr_it.HasNext()) {
   1813         // Either a duplicate ProtoId or a ProtoId with a shorter argument list follows
   1814         // a ProtoId with a longer one. Both cases are forbidden by the specification.
   1815         ErrorStringPrintf("Out-of-order proto_id arguments");
   1816         return false;
   1817       }
   1818     }
   1819   }
   1820 
   1821   ptr_ += sizeof(DexFile::ProtoId);
   1822   return true;
   1823 }
   1824 
   1825 bool DexFileVerifier::CheckInterFieldIdItem() {
   1826   const DexFile::FieldId* item = reinterpret_cast<const DexFile::FieldId*>(ptr_);
   1827 
   1828   // Check that the class descriptor is valid.
   1829   LOAD_STRING_BY_TYPE(class_descriptor, item->class_idx_, "inter_field_id_item class_idx")
   1830   if (UNLIKELY(!IsValidDescriptor(class_descriptor) || class_descriptor[0] != 'L')) {
   1831     ErrorStringPrintf("Invalid descriptor for class_idx: '%s'", class_descriptor);
   1832     return false;
   1833   }
   1834 
   1835   // Check that the type descriptor is a valid field name.
   1836   LOAD_STRING_BY_TYPE(type_descriptor, item->type_idx_, "inter_field_id_item type_idx")
   1837   if (UNLIKELY(!IsValidDescriptor(type_descriptor) || type_descriptor[0] == 'V')) {
   1838     ErrorStringPrintf("Invalid descriptor for type_idx: '%s'", type_descriptor);
   1839     return false;
   1840   }
   1841 
   1842   // Check that the name is valid.
   1843   LOAD_STRING(descriptor, item->name_idx_, "inter_field_id_item name_idx")
   1844   if (UNLIKELY(!IsValidMemberName(descriptor))) {
   1845     ErrorStringPrintf("Invalid field name: '%s'", descriptor);
   1846     return false;
   1847   }
   1848 
   1849   // Check ordering between items. This relies on the other sections being in order.
   1850   if (previous_item_ != nullptr) {
   1851     const DexFile::FieldId* prev_item = reinterpret_cast<const DexFile::FieldId*>(previous_item_);
   1852     if (UNLIKELY(prev_item->class_idx_ > item->class_idx_)) {
   1853       ErrorStringPrintf("Out-of-order field_ids");
   1854       return false;
   1855     } else if (prev_item->class_idx_ == item->class_idx_) {
   1856       if (UNLIKELY(prev_item->name_idx_ > item->name_idx_)) {
   1857         ErrorStringPrintf("Out-of-order field_ids");
   1858         return false;
   1859       } else if (prev_item->name_idx_ == item->name_idx_) {
   1860         if (UNLIKELY(prev_item->type_idx_ >= item->type_idx_)) {
   1861           ErrorStringPrintf("Out-of-order field_ids");
   1862           return false;
   1863         }
   1864       }
   1865     }
   1866   }
   1867 
   1868   ptr_ += sizeof(DexFile::FieldId);
   1869   return true;
   1870 }
   1871 
   1872 bool DexFileVerifier::CheckInterMethodIdItem() {
   1873   const DexFile::MethodId* item = reinterpret_cast<const DexFile::MethodId*>(ptr_);
   1874 
   1875   // Check that the class descriptor is a valid reference name.
   1876   LOAD_STRING_BY_TYPE(class_descriptor, item->class_idx_, "inter_method_id_item class_idx")
   1877   if (UNLIKELY(!IsValidDescriptor(class_descriptor) || (class_descriptor[0] != 'L' &&
   1878                                                         class_descriptor[0] != '['))) {
   1879     ErrorStringPrintf("Invalid descriptor for class_idx: '%s'", class_descriptor);
   1880     return false;
   1881   }
   1882 
   1883   // Check that the name is valid.
   1884   LOAD_STRING(descriptor, item->name_idx_, "inter_method_id_item name_idx")
   1885   if (UNLIKELY(!IsValidMemberName(descriptor))) {
   1886     ErrorStringPrintf("Invalid method name: '%s'", descriptor);
   1887     return false;
   1888   }
   1889 
   1890   // Check that the proto id is valid.
   1891   if (UNLIKELY(!CheckIndex(item->proto_idx_, dex_file_->NumProtoIds(),
   1892                            "inter_method_id_item proto_idx"))) {
   1893     return false;
   1894   }
   1895 
   1896   // Check ordering between items. This relies on the other sections being in order.
   1897   if (previous_item_ != nullptr) {
   1898     const DexFile::MethodId* prev_item = reinterpret_cast<const DexFile::MethodId*>(previous_item_);
   1899     if (UNLIKELY(prev_item->class_idx_ > item->class_idx_)) {
   1900       ErrorStringPrintf("Out-of-order method_ids");
   1901       return false;
   1902     } else if (prev_item->class_idx_ == item->class_idx_) {
   1903       if (UNLIKELY(prev_item->name_idx_ > item->name_idx_)) {
   1904         ErrorStringPrintf("Out-of-order method_ids");
   1905         return false;
   1906       } else if (prev_item->name_idx_ == item->name_idx_) {
   1907         if (UNLIKELY(prev_item->proto_idx_ >= item->proto_idx_)) {
   1908           ErrorStringPrintf("Out-of-order method_ids");
   1909           return false;
   1910         }
   1911       }
   1912     }
   1913   }
   1914 
   1915   ptr_ += sizeof(DexFile::MethodId);
   1916   return true;
   1917 }
   1918 
   1919 bool DexFileVerifier::CheckInterClassDefItem() {
   1920   const DexFile::ClassDef* item = reinterpret_cast<const DexFile::ClassDef*>(ptr_);
   1921 
   1922   // Check for duplicate class def.
   1923   if (defined_classes_.find(item->class_idx_) != defined_classes_.end()) {
   1924     ErrorStringPrintf("Redefinition of class with type idx: '%d'", item->class_idx_);
   1925     return false;
   1926   }
   1927   defined_classes_.insert(item->class_idx_);
   1928 
   1929   LOAD_STRING_BY_TYPE(class_descriptor, item->class_idx_, "inter_class_def_item class_idx")
   1930   if (UNLIKELY(!IsValidDescriptor(class_descriptor) || class_descriptor[0] != 'L')) {
   1931     ErrorStringPrintf("Invalid class descriptor: '%s'", class_descriptor);
   1932     return false;
   1933   }
   1934 
   1935   // Only allow non-runtime modifiers.
   1936   if ((item->access_flags_ & ~kAccJavaFlagsMask) != 0) {
   1937     ErrorStringPrintf("Invalid class flags: '%d'", item->access_flags_);
   1938     return false;
   1939   }
   1940 
   1941   if (item->interfaces_off_ != 0 &&
   1942       !CheckOffsetToTypeMap(item->interfaces_off_, DexFile::kDexTypeTypeList)) {
   1943     return false;
   1944   }
   1945   if (item->annotations_off_ != 0 &&
   1946       !CheckOffsetToTypeMap(item->annotations_off_, DexFile::kDexTypeAnnotationsDirectoryItem)) {
   1947     return false;
   1948   }
   1949   if (item->class_data_off_ != 0 &&
   1950       !CheckOffsetToTypeMap(item->class_data_off_, DexFile::kDexTypeClassDataItem)) {
   1951     return false;
   1952   }
   1953   if (item->static_values_off_ != 0 &&
   1954       !CheckOffsetToTypeMap(item->static_values_off_, DexFile::kDexTypeEncodedArrayItem)) {
   1955     return false;
   1956   }
   1957 
   1958   if (item->superclass_idx_ != DexFile::kDexNoIndex16) {
   1959     if (header_->GetVersion() >= DexFile::kClassDefinitionOrderEnforcedVersion) {
   1960       // Check that a class does not inherit from itself directly (by having
   1961       // the same type idx as its super class).
   1962       if (UNLIKELY(item->superclass_idx_ == item->class_idx_)) {
   1963         ErrorStringPrintf("Class with same type idx as its superclass: '%d'", item->class_idx_);
   1964         return false;
   1965       }
   1966 
   1967       // Check that a class is defined after its super class (if the
   1968       // latter is defined in the same Dex file).
   1969       const DexFile::ClassDef* superclass_def = dex_file_->FindClassDef(item->superclass_idx_);
   1970       if (superclass_def != nullptr) {
   1971         // The superclass is defined in this Dex file.
   1972         if (superclass_def > item) {
   1973           // ClassDef item for super class appearing after the class' ClassDef item.
   1974           ErrorStringPrintf("Invalid class definition ordering:"
   1975                             " class with type idx: '%d' defined before"
   1976                             " superclass with type idx: '%d'",
   1977                             item->class_idx_,
   1978                             item->superclass_idx_);
   1979           return false;
   1980         }
   1981       }
   1982     }
   1983 
   1984     LOAD_STRING_BY_TYPE(superclass_descriptor, item->superclass_idx_,
   1985                         "inter_class_def_item superclass_idx")
   1986     if (UNLIKELY(!IsValidDescriptor(superclass_descriptor) || superclass_descriptor[0] != 'L')) {
   1987       ErrorStringPrintf("Invalid superclass: '%s'", superclass_descriptor);
   1988       return false;
   1989     }
   1990   }
   1991 
   1992   // Check interfaces.
   1993   const DexFile::TypeList* interfaces = dex_file_->GetInterfacesList(*item);
   1994   if (interfaces != nullptr) {
   1995     uint32_t size = interfaces->Size();
   1996     for (uint32_t i = 0; i < size; i++) {
   1997       if (header_->GetVersion() >= DexFile::kClassDefinitionOrderEnforcedVersion) {
   1998         // Check that a class does not implement itself directly (by having the
   1999         // same type idx as one of its immediate implemented interfaces).
   2000         if (UNLIKELY(interfaces->GetTypeItem(i).type_idx_ == item->class_idx_)) {
   2001           ErrorStringPrintf("Class with same type idx as implemented interface: '%d'",
   2002                             item->class_idx_);
   2003           return false;
   2004         }
   2005 
   2006         // Check that a class is defined after the interfaces it implements
   2007         // (if they are defined in the same Dex file).
   2008         const DexFile::ClassDef* interface_def =
   2009             dex_file_->FindClassDef(interfaces->GetTypeItem(i).type_idx_);
   2010         if (interface_def != nullptr) {
   2011           // The interface is defined in this Dex file.
   2012           if (interface_def > item) {
   2013             // ClassDef item for interface appearing after the class' ClassDef item.
   2014             ErrorStringPrintf("Invalid class definition ordering:"
   2015                               " class with type idx: '%d' defined before"
   2016                               " implemented interface with type idx: '%d'",
   2017                               item->class_idx_,
   2018                               interfaces->GetTypeItem(i).type_idx_);
   2019             return false;
   2020           }
   2021         }
   2022       }
   2023 
   2024       // Ensure that the interface refers to a class (not an array nor a primitive type).
   2025       LOAD_STRING_BY_TYPE(inf_descriptor, interfaces->GetTypeItem(i).type_idx_,
   2026                           "inter_class_def_item interface type_idx")
   2027       if (UNLIKELY(!IsValidDescriptor(inf_descriptor) || inf_descriptor[0] != 'L')) {
   2028         ErrorStringPrintf("Invalid interface: '%s'", inf_descriptor);
   2029         return false;
   2030       }
   2031     }
   2032 
   2033     /*
   2034      * Ensure that there are no duplicates. This is an O(N^2) test, but in
   2035      * practice the number of interfaces implemented by any given class is low.
   2036      */
   2037     for (uint32_t i = 1; i < size; i++) {
   2038       uint32_t idx1 = interfaces->GetTypeItem(i).type_idx_;
   2039       for (uint32_t j =0; j < i; j++) {
   2040         uint32_t idx2 = interfaces->GetTypeItem(j).type_idx_;
   2041         if (UNLIKELY(idx1 == idx2)) {
   2042           ErrorStringPrintf("Duplicate interface: '%s'", dex_file_->StringByTypeIdx(idx1));
   2043           return false;
   2044         }
   2045       }
   2046     }
   2047   }
   2048 
   2049   // Check that references in class_data_item are to the right class.
   2050   if (item->class_data_off_ != 0) {
   2051     const uint8_t* data = begin_ + item->class_data_off_;
   2052     bool success;
   2053     uint16_t data_definer = FindFirstClassDataDefiner(data, &success);
   2054     if (!success) {
   2055       return false;
   2056     }
   2057     if (UNLIKELY((data_definer != item->class_idx_) && (data_definer != DexFile::kDexNoIndex16))) {
   2058       ErrorStringPrintf("Invalid class_data_item");
   2059       return false;
   2060     }
   2061   }
   2062 
   2063   // Check that references in annotations_directory_item are to right class.
   2064   if (item->annotations_off_ != 0) {
   2065     // annotations_off_ is supposed to be aligned by 4.
   2066     if (!IsAlignedParam(item->annotations_off_, 4)) {
   2067       ErrorStringPrintf("Invalid annotations_off_, not aligned by 4");
   2068       return false;
   2069     }
   2070     const uint8_t* data = begin_ + item->annotations_off_;
   2071     bool success;
   2072     uint16_t annotations_definer = FindFirstAnnotationsDirectoryDefiner(data, &success);
   2073     if (!success) {
   2074       return false;
   2075     }
   2076     if (UNLIKELY((annotations_definer != item->class_idx_) &&
   2077                  (annotations_definer != DexFile::kDexNoIndex16))) {
   2078       ErrorStringPrintf("Invalid annotations_directory_item");
   2079       return false;
   2080     }
   2081   }
   2082 
   2083   ptr_ += sizeof(DexFile::ClassDef);
   2084   return true;
   2085 }
   2086 
   2087 bool DexFileVerifier::CheckInterAnnotationSetRefList() {
   2088   const DexFile::AnnotationSetRefList* list =
   2089       reinterpret_cast<const DexFile::AnnotationSetRefList*>(ptr_);
   2090   const DexFile::AnnotationSetRefItem* item = list->list_;
   2091   uint32_t count = list->size_;
   2092 
   2093   while (count--) {
   2094     if (item->annotations_off_ != 0 &&
   2095         !CheckOffsetToTypeMap(item->annotations_off_, DexFile::kDexTypeAnnotationSetItem)) {
   2096       return false;
   2097     }
   2098     item++;
   2099   }
   2100 
   2101   ptr_ = reinterpret_cast<const uint8_t*>(item);
   2102   return true;
   2103 }
   2104 
   2105 bool DexFileVerifier::CheckInterAnnotationSetItem() {
   2106   const DexFile::AnnotationSetItem* set = reinterpret_cast<const DexFile::AnnotationSetItem*>(ptr_);
   2107   const uint32_t* offsets = set->entries_;
   2108   uint32_t count = set->size_;
   2109   uint32_t last_idx = 0;
   2110 
   2111   for (uint32_t i = 0; i < count; i++) {
   2112     if (*offsets != 0 && !CheckOffsetToTypeMap(*offsets, DexFile::kDexTypeAnnotationItem)) {
   2113       return false;
   2114     }
   2115 
   2116     // Get the annotation from the offset and the type index for the annotation.
   2117     const DexFile::AnnotationItem* annotation =
   2118         reinterpret_cast<const DexFile::AnnotationItem*>(begin_ + *offsets);
   2119     const uint8_t* data = annotation->annotation_;
   2120     uint32_t idx = DecodeUnsignedLeb128(&data);
   2121 
   2122     if (UNLIKELY(last_idx >= idx && i != 0)) {
   2123       ErrorStringPrintf("Out-of-order entry types: %x then %x", last_idx, idx);
   2124       return false;
   2125     }
   2126 
   2127     last_idx = idx;
   2128     offsets++;
   2129   }
   2130 
   2131   ptr_ = reinterpret_cast<const uint8_t*>(offsets);
   2132   return true;
   2133 }
   2134 
   2135 bool DexFileVerifier::CheckInterClassDataItem() {
   2136   ClassDataItemIterator it(*dex_file_, ptr_);
   2137   bool success;
   2138   uint16_t defining_class = FindFirstClassDataDefiner(ptr_, &success);
   2139   if (!success) {
   2140     return false;
   2141   }
   2142 
   2143   for (; it.HasNextStaticField() || it.HasNextInstanceField(); it.Next()) {
   2144     LOAD_FIELD(field, it.GetMemberIndex(), "inter_class_data_item field_id", return false)
   2145     if (UNLIKELY(field->class_idx_ != defining_class)) {
   2146       ErrorStringPrintf("Mismatched defining class for class_data_item field");
   2147       return false;
   2148     }
   2149   }
   2150   for (; it.HasNextDirectMethod() || it.HasNextVirtualMethod(); it.Next()) {
   2151     uint32_t code_off = it.GetMethodCodeItemOffset();
   2152     if (code_off != 0 && !CheckOffsetToTypeMap(code_off, DexFile::kDexTypeCodeItem)) {
   2153       return false;
   2154     }
   2155     LOAD_METHOD(method, it.GetMemberIndex(), "inter_class_data_item method_id", return false)
   2156     if (UNLIKELY(method->class_idx_ != defining_class)) {
   2157       ErrorStringPrintf("Mismatched defining class for class_data_item method");
   2158       return false;
   2159     }
   2160   }
   2161 
   2162   ptr_ = it.EndDataPointer();
   2163   return true;
   2164 }
   2165 
   2166 bool DexFileVerifier::CheckInterAnnotationsDirectoryItem() {
   2167   const DexFile::AnnotationsDirectoryItem* item =
   2168       reinterpret_cast<const DexFile::AnnotationsDirectoryItem*>(ptr_);
   2169   bool success;
   2170   uint16_t defining_class = FindFirstAnnotationsDirectoryDefiner(ptr_, &success);
   2171   if (!success) {
   2172     return false;
   2173   }
   2174 
   2175   if (item->class_annotations_off_ != 0 &&
   2176       !CheckOffsetToTypeMap(item->class_annotations_off_, DexFile::kDexTypeAnnotationSetItem)) {
   2177     return false;
   2178   }
   2179 
   2180   // Field annotations follow immediately after the annotations directory.
   2181   const DexFile::FieldAnnotationsItem* field_item =
   2182       reinterpret_cast<const DexFile::FieldAnnotationsItem*>(item + 1);
   2183   uint32_t field_count = item->fields_size_;
   2184   for (uint32_t i = 0; i < field_count; i++) {
   2185     LOAD_FIELD(field, field_item->field_idx_, "inter_annotations_directory_item field_id",
   2186                return false)
   2187     if (UNLIKELY(field->class_idx_ != defining_class)) {
   2188       ErrorStringPrintf("Mismatched defining class for field_annotation");
   2189       return false;
   2190     }
   2191     if (!CheckOffsetToTypeMap(field_item->annotations_off_, DexFile::kDexTypeAnnotationSetItem)) {
   2192       return false;
   2193     }
   2194     field_item++;
   2195   }
   2196 
   2197   // Method annotations follow immediately after field annotations.
   2198   const DexFile::MethodAnnotationsItem* method_item =
   2199       reinterpret_cast<const DexFile::MethodAnnotationsItem*>(field_item);
   2200   uint32_t method_count = item->methods_size_;
   2201   for (uint32_t i = 0; i < method_count; i++) {
   2202     LOAD_METHOD(method, method_item->method_idx_, "inter_annotations_directory_item method_id",
   2203                 return false)
   2204     if (UNLIKELY(method->class_idx_ != defining_class)) {
   2205       ErrorStringPrintf("Mismatched defining class for method_annotation");
   2206       return false;
   2207     }
   2208     if (!CheckOffsetToTypeMap(method_item->annotations_off_, DexFile::kDexTypeAnnotationSetItem)) {
   2209       return false;
   2210     }
   2211     method_item++;
   2212   }
   2213 
   2214   // Parameter annotations follow immediately after method annotations.
   2215   const DexFile::ParameterAnnotationsItem* parameter_item =
   2216       reinterpret_cast<const DexFile::ParameterAnnotationsItem*>(method_item);
   2217   uint32_t parameter_count = item->parameters_size_;
   2218   for (uint32_t i = 0; i < parameter_count; i++) {
   2219     LOAD_METHOD(parameter_method, parameter_item->method_idx_,
   2220                 "inter_annotations_directory_item parameter method_id", return false)
   2221     if (UNLIKELY(parameter_method->class_idx_ != defining_class)) {
   2222       ErrorStringPrintf("Mismatched defining class for parameter_annotation");
   2223       return false;
   2224     }
   2225     if (!CheckOffsetToTypeMap(parameter_item->annotations_off_,
   2226         DexFile::kDexTypeAnnotationSetRefList)) {
   2227       return false;
   2228     }
   2229     parameter_item++;
   2230   }
   2231 
   2232   ptr_ = reinterpret_cast<const uint8_t*>(parameter_item);
   2233   return true;
   2234 }
   2235 
   2236 bool DexFileVerifier::CheckInterSectionIterate(size_t offset, uint32_t count, uint16_t type) {
   2237   // Get the right alignment mask for the type of section.
   2238   size_t alignment_mask;
   2239   switch (type) {
   2240     case DexFile::kDexTypeClassDataItem:
   2241       alignment_mask = sizeof(uint8_t) - 1;
   2242       break;
   2243     default:
   2244       alignment_mask = sizeof(uint32_t) - 1;
   2245       break;
   2246   }
   2247 
   2248   // Iterate through the items in the section.
   2249   previous_item_ = nullptr;
   2250   for (uint32_t i = 0; i < count; i++) {
   2251     uint32_t new_offset = (offset + alignment_mask) & ~alignment_mask;
   2252     ptr_ = begin_ + new_offset;
   2253     const uint8_t* prev_ptr = ptr_;
   2254 
   2255     // Check depending on the section type.
   2256     switch (type) {
   2257       case DexFile::kDexTypeStringIdItem: {
   2258         if (!CheckInterStringIdItem()) {
   2259           return false;
   2260         }
   2261         break;
   2262       }
   2263       case DexFile::kDexTypeTypeIdItem: {
   2264         if (!CheckInterTypeIdItem()) {
   2265           return false;
   2266         }
   2267         break;
   2268       }
   2269       case DexFile::kDexTypeProtoIdItem: {
   2270         if (!CheckInterProtoIdItem()) {
   2271           return false;
   2272         }
   2273         break;
   2274       }
   2275       case DexFile::kDexTypeFieldIdItem: {
   2276         if (!CheckInterFieldIdItem()) {
   2277           return false;
   2278         }
   2279         break;
   2280       }
   2281       case DexFile::kDexTypeMethodIdItem: {
   2282         if (!CheckInterMethodIdItem()) {
   2283           return false;
   2284         }
   2285         break;
   2286       }
   2287       case DexFile::kDexTypeClassDefItem: {
   2288         if (!CheckInterClassDefItem()) {
   2289           return false;
   2290         }
   2291         break;
   2292       }
   2293       case DexFile::kDexTypeAnnotationSetRefList: {
   2294         if (!CheckInterAnnotationSetRefList()) {
   2295           return false;
   2296         }
   2297         break;
   2298       }
   2299       case DexFile::kDexTypeAnnotationSetItem: {
   2300         if (!CheckInterAnnotationSetItem()) {
   2301           return false;
   2302         }
   2303         break;
   2304       }
   2305       case DexFile::kDexTypeClassDataItem: {
   2306         if (!CheckInterClassDataItem()) {
   2307           return false;
   2308         }
   2309         break;
   2310       }
   2311       case DexFile::kDexTypeAnnotationsDirectoryItem: {
   2312         if (!CheckInterAnnotationsDirectoryItem()) {
   2313           return false;
   2314         }
   2315         break;
   2316       }
   2317       default:
   2318         ErrorStringPrintf("Unknown map item type %x", type);
   2319         return false;
   2320     }
   2321 
   2322     previous_item_ = prev_ptr;
   2323     offset = ptr_ - begin_;
   2324   }
   2325 
   2326   return true;
   2327 }
   2328 
   2329 bool DexFileVerifier::CheckInterSection() {
   2330   const DexFile::MapList* map = reinterpret_cast<const DexFile::MapList*>(begin_ + header_->map_off_);
   2331   const DexFile::MapItem* item = map->list_;
   2332   uint32_t count = map->size_;
   2333 
   2334   // Cross check the items listed in the map.
   2335   while (count--) {
   2336     uint32_t section_offset = item->offset_;
   2337     uint32_t section_count = item->size_;
   2338     uint16_t type = item->type_;
   2339 
   2340     switch (type) {
   2341       case DexFile::kDexTypeHeaderItem:
   2342       case DexFile::kDexTypeMapList:
   2343       case DexFile::kDexTypeTypeList:
   2344       case DexFile::kDexTypeCodeItem:
   2345       case DexFile::kDexTypeStringDataItem:
   2346       case DexFile::kDexTypeDebugInfoItem:
   2347       case DexFile::kDexTypeAnnotationItem:
   2348       case DexFile::kDexTypeEncodedArrayItem:
   2349         break;
   2350       case DexFile::kDexTypeStringIdItem:
   2351       case DexFile::kDexTypeTypeIdItem:
   2352       case DexFile::kDexTypeProtoIdItem:
   2353       case DexFile::kDexTypeFieldIdItem:
   2354       case DexFile::kDexTypeMethodIdItem:
   2355       case DexFile::kDexTypeClassDefItem:
   2356       case DexFile::kDexTypeAnnotationSetRefList:
   2357       case DexFile::kDexTypeAnnotationSetItem:
   2358       case DexFile::kDexTypeClassDataItem:
   2359       case DexFile::kDexTypeAnnotationsDirectoryItem: {
   2360         if (!CheckInterSectionIterate(section_offset, section_count, type)) {
   2361           return false;
   2362         }
   2363         break;
   2364       }
   2365       default:
   2366         ErrorStringPrintf("Unknown map item type %x", type);
   2367         return false;
   2368     }
   2369 
   2370     item++;
   2371   }
   2372 
   2373   return true;
   2374 }
   2375 
   2376 bool DexFileVerifier::Verify() {
   2377   // Check the header.
   2378   if (!CheckHeader()) {
   2379     return false;
   2380   }
   2381 
   2382   // Check the map section.
   2383   if (!CheckMap()) {
   2384     return false;
   2385   }
   2386 
   2387   // Check structure within remaining sections.
   2388   if (!CheckIntraSection()) {
   2389     return false;
   2390   }
   2391 
   2392   // Check references from one section to another.
   2393   if (!CheckInterSection()) {
   2394     return false;
   2395   }
   2396 
   2397   return true;
   2398 }
   2399 
   2400 void DexFileVerifier::ErrorStringPrintf(const char* fmt, ...) {
   2401   va_list ap;
   2402   va_start(ap, fmt);
   2403   DCHECK(failure_reason_.empty()) << failure_reason_;
   2404   failure_reason_ = StringPrintf("Failure to verify dex file '%s': ", location_);
   2405   StringAppendV(&failure_reason_, fmt, ap);
   2406   va_end(ap);
   2407 }
   2408 
   2409 // Fields and methods may have only one of public/protected/private.
   2410 static bool CheckAtMostOneOfPublicProtectedPrivate(uint32_t flags) {
   2411   size_t count = (((flags & kAccPublic) == 0) ? 0 : 1) +
   2412                  (((flags & kAccProtected) == 0) ? 0 : 1) +
   2413                  (((flags & kAccPrivate) == 0) ? 0 : 1);
   2414   return count <= 1;
   2415 }
   2416 
   2417 // Helper functions to retrieve names from the dex file. We do not want to rely on DexFile
   2418 // functionality, as we're still verifying the dex file. begin and header correspond to the
   2419 // underscored variants in the DexFileVerifier.
   2420 
   2421 static std::string GetStringOrError(const uint8_t* const begin,
   2422                                     const DexFile::Header* const header,
   2423                                     uint32_t string_idx) {
   2424   // The `string_idx` is not guaranteed to be valid yet.
   2425   if (header->string_ids_size_ <= string_idx) {
   2426     return "(error)";
   2427   }
   2428 
   2429   const DexFile::StringId* string_id =
   2430       reinterpret_cast<const DexFile::StringId*>(begin + header->string_ids_off_) + string_idx;
   2431 
   2432   // Assume that the data is OK at this point. String data has been checked at this point.
   2433 
   2434   const uint8_t* ptr = begin + string_id->string_data_off_;
   2435   DecodeUnsignedLeb128(&ptr);
   2436   return reinterpret_cast<const char*>(ptr);
   2437 }
   2438 
   2439 static std::string GetClassOrError(const uint8_t* const begin,
   2440                                    const DexFile::Header* const header,
   2441                                    uint32_t class_idx) {
   2442   // The `class_idx` is either `FieldId::class_idx_` or `MethodId::class_idx_` and
   2443   // it has already been checked in `DexFileVerifier::CheckClassDataItemField()`
   2444   // or `DexFileVerifier::CheckClassDataItemMethod()`, respectively, to match
   2445   // a valid defining class.
   2446   CHECK_LT(class_idx, header->type_ids_size_);
   2447 
   2448   const DexFile::TypeId* type_id =
   2449       reinterpret_cast<const DexFile::TypeId*>(begin + header->type_ids_off_) + class_idx;
   2450 
   2451   // Assume that the data is OK at this point. Type id offsets have been checked at this point.
   2452 
   2453   return GetStringOrError(begin, header, type_id->descriptor_idx_);
   2454 }
   2455 
   2456 static std::string GetFieldDescriptionOrError(const uint8_t* const begin,
   2457                                               const DexFile::Header* const header,
   2458                                               uint32_t idx) {
   2459   // The `idx` has already been checked in `DexFileVerifier::CheckClassDataItemField()`.
   2460   CHECK_LT(idx, header->field_ids_size_);
   2461 
   2462   const DexFile::FieldId* field_id =
   2463       reinterpret_cast<const DexFile::FieldId*>(begin + header->field_ids_off_) + idx;
   2464 
   2465   // Assume that the data is OK at this point. Field id offsets have been checked at this point.
   2466 
   2467   std::string class_name = GetClassOrError(begin, header, field_id->class_idx_);
   2468   std::string field_name = GetStringOrError(begin, header, field_id->name_idx_);
   2469 
   2470   return class_name + "." + field_name;
   2471 }
   2472 
   2473 static std::string GetMethodDescriptionOrError(const uint8_t* const begin,
   2474                                                const DexFile::Header* const header,
   2475                                                uint32_t idx) {
   2476   // The `idx` has already been checked in `DexFileVerifier::CheckClassDataItemMethod()`.
   2477   CHECK_LT(idx, header->method_ids_size_);
   2478 
   2479   const DexFile::MethodId* method_id =
   2480       reinterpret_cast<const DexFile::MethodId*>(begin + header->method_ids_off_) + idx;
   2481 
   2482   // Assume that the data is OK at this point. Method id offsets have been checked at this point.
   2483 
   2484   std::string class_name = GetClassOrError(begin, header, method_id->class_idx_);
   2485   std::string method_name = GetStringOrError(begin, header, method_id->name_idx_);
   2486 
   2487   return class_name + "." + method_name;
   2488 }
   2489 
   2490 bool DexFileVerifier::CheckFieldAccessFlags(uint32_t idx,
   2491                                             uint32_t field_access_flags,
   2492                                             uint32_t class_access_flags,
   2493                                             std::string* error_msg) {
   2494   // Generally sort out >16-bit flags.
   2495   if ((field_access_flags & ~kAccJavaFlagsMask) != 0) {
   2496     *error_msg = StringPrintf("Bad field access_flags for %s: %x(%s)",
   2497                               GetFieldDescriptionOrError(begin_, header_, idx).c_str(),
   2498                               field_access_flags,
   2499                               PrettyJavaAccessFlags(field_access_flags).c_str());
   2500     return false;
   2501   }
   2502 
   2503   // Flags allowed on fields, in general. Other lower-16-bit flags are to be ignored.
   2504   constexpr uint32_t kFieldAccessFlags = kAccPublic |
   2505                                          kAccPrivate |
   2506                                          kAccProtected |
   2507                                          kAccStatic |
   2508                                          kAccFinal |
   2509                                          kAccVolatile |
   2510                                          kAccTransient |
   2511                                          kAccSynthetic |
   2512                                          kAccEnum;
   2513 
   2514   // Fields may have only one of public/protected/final.
   2515   if (!CheckAtMostOneOfPublicProtectedPrivate(field_access_flags)) {
   2516     *error_msg = StringPrintf("Field may have only one of public/protected/private, %s: %x(%s)",
   2517                               GetFieldDescriptionOrError(begin_, header_, idx).c_str(),
   2518                               field_access_flags,
   2519                               PrettyJavaAccessFlags(field_access_flags).c_str());
   2520     return false;
   2521   }
   2522 
   2523   // Interfaces have a pretty restricted list.
   2524   if ((class_access_flags & kAccInterface) != 0) {
   2525     // Interface fields must be public final static.
   2526     constexpr uint32_t kPublicFinalStatic = kAccPublic | kAccFinal | kAccStatic;
   2527     if ((field_access_flags & kPublicFinalStatic) != kPublicFinalStatic) {
   2528       *error_msg = StringPrintf("Interface field is not public final static, %s: %x(%s)",
   2529                                 GetFieldDescriptionOrError(begin_, header_, idx).c_str(),
   2530                                 field_access_flags,
   2531                                 PrettyJavaAccessFlags(field_access_flags).c_str());
   2532       if (header_->GetVersion() >= DexFile::kDefaultMethodsVersion) {
   2533         return false;
   2534       } else {
   2535         // Allow in older versions, but warn.
   2536         LOG(WARNING) << "This dex file is invalid and will be rejected in the future. Error is: "
   2537                      << *error_msg;
   2538       }
   2539     }
   2540     // Interface fields may be synthetic, but may not have other flags.
   2541     constexpr uint32_t kDisallowed = ~(kPublicFinalStatic | kAccSynthetic);
   2542     if ((field_access_flags & kFieldAccessFlags & kDisallowed) != 0) {
   2543       *error_msg = StringPrintf("Interface field has disallowed flag, %s: %x(%s)",
   2544                                 GetFieldDescriptionOrError(begin_, header_, idx).c_str(),
   2545                                 field_access_flags,
   2546                                 PrettyJavaAccessFlags(field_access_flags).c_str());
   2547       if (header_->GetVersion() >= DexFile::kDefaultMethodsVersion) {
   2548         return false;
   2549       } else {
   2550         // Allow in older versions, but warn.
   2551         LOG(WARNING) << "This dex file is invalid and will be rejected in the future. Error is: "
   2552                      << *error_msg;
   2553       }
   2554     }
   2555     return true;
   2556   }
   2557 
   2558   // Volatile fields may not be final.
   2559   constexpr uint32_t kVolatileFinal = kAccVolatile | kAccFinal;
   2560   if ((field_access_flags & kVolatileFinal) == kVolatileFinal) {
   2561     *error_msg = StringPrintf("Fields may not be volatile and final: %s",
   2562                               GetFieldDescriptionOrError(begin_, header_, idx).c_str());
   2563     return false;
   2564   }
   2565 
   2566   return true;
   2567 }
   2568 
   2569 // Try to find the name of the method with the given index. We do not want to rely on DexFile
   2570 // infrastructure at this point, so do it all by hand. begin and header correspond to begin_ and
   2571 // header_ of the DexFileVerifier. str will contain the pointer to the method name on success
   2572 // (flagged by the return value), otherwise error_msg will contain an error string.
   2573 static bool FindMethodName(uint32_t method_index,
   2574                            const uint8_t* begin,
   2575                            const DexFile::Header* header,
   2576                            const char** str,
   2577                            std::string* error_msg) {
   2578   if (method_index >= header->method_ids_size_) {
   2579     *error_msg = "Method index not available for method flags verification";
   2580     return false;
   2581   }
   2582   uint32_t string_idx =
   2583       (reinterpret_cast<const DexFile::MethodId*>(begin + header->method_ids_off_) +
   2584           method_index)->name_idx_;
   2585   if (string_idx >= header->string_ids_size_) {
   2586     *error_msg = "String index not available for method flags verification";
   2587     return false;
   2588   }
   2589   uint32_t string_off =
   2590       (reinterpret_cast<const DexFile::StringId*>(begin + header->string_ids_off_) + string_idx)->
   2591           string_data_off_;
   2592   if (string_off >= header->file_size_) {
   2593     *error_msg = "String offset out of bounds for method flags verification";
   2594     return false;
   2595   }
   2596   const uint8_t* str_data_ptr = begin + string_off;
   2597   DecodeUnsignedLeb128(&str_data_ptr);
   2598   *str = reinterpret_cast<const char*>(str_data_ptr);
   2599   return true;
   2600 }
   2601 
   2602 bool DexFileVerifier::CheckMethodAccessFlags(uint32_t method_index,
   2603                                              uint32_t method_access_flags,
   2604                                              uint32_t class_access_flags,
   2605                                              bool has_code,
   2606                                              bool expect_direct,
   2607                                              std::string* error_msg) {
   2608   // Generally sort out >16-bit flags, except dex knows Constructor and DeclaredSynchronized.
   2609   constexpr uint32_t kAllMethodFlags =
   2610       kAccJavaFlagsMask | kAccConstructor | kAccDeclaredSynchronized;
   2611   if ((method_access_flags & ~kAllMethodFlags) != 0) {
   2612     *error_msg = StringPrintf("Bad method access_flags for %s: %x",
   2613                               GetMethodDescriptionOrError(begin_, header_, method_index).c_str(),
   2614                               method_access_flags);
   2615     return false;
   2616   }
   2617 
   2618   // Flags allowed on fields, in general. Other lower-16-bit flags are to be ignored.
   2619   constexpr uint32_t kMethodAccessFlags = kAccPublic |
   2620                                           kAccPrivate |
   2621                                           kAccProtected |
   2622                                           kAccStatic |
   2623                                           kAccFinal |
   2624                                           kAccSynthetic |
   2625                                           kAccSynchronized |
   2626                                           kAccBridge |
   2627                                           kAccVarargs |
   2628                                           kAccNative |
   2629                                           kAccAbstract |
   2630                                           kAccStrict;
   2631 
   2632   // Methods may have only one of public/protected/final.
   2633   if (!CheckAtMostOneOfPublicProtectedPrivate(method_access_flags)) {
   2634     *error_msg = StringPrintf("Method may have only one of public/protected/private, %s: %x",
   2635                               GetMethodDescriptionOrError(begin_, header_, method_index).c_str(),
   2636                               method_access_flags);
   2637     return false;
   2638   }
   2639 
   2640   // Try to find the name, to check for constructor properties.
   2641   const char* str;
   2642   if (!FindMethodName(method_index, begin_, header_, &str, error_msg)) {
   2643     return false;
   2644   }
   2645   bool is_init_by_name = false;
   2646   constexpr const char* kInitName = "<init>";
   2647   size_t str_offset = (reinterpret_cast<const uint8_t*>(str) - begin_);
   2648   if (header_->file_size_ - str_offset >= sizeof(kInitName)) {
   2649     is_init_by_name = strcmp(kInitName, str) == 0;
   2650   }
   2651   bool is_clinit_by_name = false;
   2652   constexpr const char* kClinitName = "<clinit>";
   2653   if (header_->file_size_ - str_offset >= sizeof(kClinitName)) {
   2654     is_clinit_by_name = strcmp(kClinitName, str) == 0;
   2655   }
   2656   bool is_constructor = is_init_by_name || is_clinit_by_name;
   2657 
   2658   // Only methods named "<clinit>" or "<init>" may be marked constructor. Note: we cannot enforce
   2659   // the reverse for backwards compatibility reasons.
   2660   if (((method_access_flags & kAccConstructor) != 0) && !is_constructor) {
   2661     *error_msg =
   2662         StringPrintf("Method %" PRIu32 "(%s) is marked constructor, but doesn't match name",
   2663                      method_index,
   2664                      GetMethodDescriptionOrError(begin_, header_, method_index).c_str());
   2665     return false;
   2666   }
   2667   // Check that the static constructor (= static initializer) is named "<clinit>" and that the
   2668   // instance constructor is called "<init>".
   2669   if (is_constructor) {
   2670     bool is_static = (method_access_flags & kAccStatic) != 0;
   2671     if (is_static ^ is_clinit_by_name) {
   2672       *error_msg = StringPrintf("Constructor %" PRIu32 "(%s) is not flagged correctly wrt/ static.",
   2673                                 method_index,
   2674                                 GetMethodDescriptionOrError(begin_, header_, method_index).c_str());
   2675       if (header_->GetVersion() >= DexFile::kDefaultMethodsVersion) {
   2676         return false;
   2677       } else {
   2678         // Allow in older versions, but warn.
   2679         LOG(WARNING) << "This dex file is invalid and will be rejected in the future. Error is: "
   2680                      << *error_msg;
   2681       }
   2682     }
   2683   }
   2684   // Check that static and private methods, as well as constructors, are in the direct methods list,
   2685   // and other methods in the virtual methods list.
   2686   bool is_direct = (method_access_flags & (kAccStatic | kAccPrivate)) != 0 || is_constructor;
   2687   if (is_direct != expect_direct) {
   2688     *error_msg = StringPrintf("Direct/virtual method %" PRIu32 "(%s) not in expected list %d",
   2689                               method_index,
   2690                               GetMethodDescriptionOrError(begin_, header_, method_index).c_str(),
   2691                               expect_direct);
   2692     return false;
   2693   }
   2694 
   2695 
   2696   // From here on out it is easier to mask out the bits we're supposed to ignore.
   2697   method_access_flags &= kMethodAccessFlags;
   2698 
   2699   // Interfaces are special.
   2700   if ((class_access_flags & kAccInterface) != 0) {
   2701     // Non-static interface methods must be public or private.
   2702     uint32_t desired_flags = (kAccPublic | kAccStatic);
   2703     if (dex_file_->GetVersion() >= DexFile::kDefaultMethodsVersion) {
   2704       desired_flags |= kAccPrivate;
   2705     }
   2706     if ((method_access_flags & desired_flags) == 0) {
   2707       *error_msg = StringPrintf("Interface virtual method %" PRIu32 "(%s) is not public",
   2708           method_index,
   2709           GetMethodDescriptionOrError(begin_, header_, method_index).c_str());
   2710       if (header_->GetVersion() >= DexFile::kDefaultMethodsVersion) {
   2711         return false;
   2712       } else {
   2713         // Allow in older versions, but warn.
   2714         LOG(WARNING) << "This dex file is invalid and will be rejected in the future. Error is: "
   2715                       << *error_msg;
   2716       }
   2717     }
   2718   }
   2719 
   2720   // If there aren't any instructions, make sure that's expected.
   2721   if (!has_code) {
   2722     // Only native or abstract methods may not have code.
   2723     if ((method_access_flags & (kAccNative | kAccAbstract)) == 0) {
   2724       *error_msg = StringPrintf("Method %" PRIu32 "(%s) has no code, but is not marked native or "
   2725                                 "abstract",
   2726                                 method_index,
   2727                                 GetMethodDescriptionOrError(begin_, header_, method_index).c_str());
   2728       return false;
   2729     }
   2730     // Constructors must always have code.
   2731     if (is_constructor) {
   2732       *error_msg = StringPrintf("Constructor %u(%s) must not be abstract or native",
   2733                                 method_index,
   2734                                 GetMethodDescriptionOrError(begin_, header_, method_index).c_str());
   2735       if (header_->GetVersion() >= DexFile::kDefaultMethodsVersion) {
   2736         return false;
   2737       } else {
   2738         // Allow in older versions, but warn.
   2739         LOG(WARNING) << "This dex file is invalid and will be rejected in the future. Error is: "
   2740                       << *error_msg;
   2741       }
   2742     }
   2743     if ((method_access_flags & kAccAbstract) != 0) {
   2744       // Abstract methods are not allowed to have the following flags.
   2745       constexpr uint32_t kForbidden =
   2746           kAccPrivate | kAccStatic | kAccFinal | kAccNative | kAccStrict | kAccSynchronized;
   2747       if ((method_access_flags & kForbidden) != 0) {
   2748         *error_msg = StringPrintf("Abstract method %" PRIu32 "(%s) has disallowed access flags %x",
   2749             method_index,
   2750             GetMethodDescriptionOrError(begin_, header_, method_index).c_str(),
   2751             method_access_flags);
   2752         return false;
   2753       }
   2754       // Abstract methods should be in an abstract class or interface.
   2755       if ((class_access_flags & (kAccInterface | kAccAbstract)) == 0) {
   2756         LOG(WARNING) << "Method " << GetMethodDescriptionOrError(begin_, header_, method_index)
   2757                      << " is abstract, but the declaring class is neither abstract nor an "
   2758                      << "interface in dex file "
   2759                      << dex_file_->GetLocation();
   2760       }
   2761     }
   2762     // Interfaces are special.
   2763     if ((class_access_flags & kAccInterface) != 0) {
   2764       // Interface methods without code must be abstract.
   2765       if ((method_access_flags & (kAccPublic | kAccAbstract)) != (kAccPublic | kAccAbstract)) {
   2766         *error_msg = StringPrintf("Interface method %" PRIu32 "(%s) is not public and abstract",
   2767             method_index,
   2768             GetMethodDescriptionOrError(begin_, header_, method_index).c_str());
   2769         if (header_->GetVersion() >= DexFile::kDefaultMethodsVersion) {
   2770           return false;
   2771         } else {
   2772           // Allow in older versions, but warn.
   2773           LOG(WARNING) << "This dex file is invalid and will be rejected in the future. Error is: "
   2774                        << *error_msg;
   2775         }
   2776       }
   2777       // At this point, we know the method is public and abstract. This means that all the checks
   2778       // for invalid combinations above applies. In addition, interface methods must not be
   2779       // protected. This is caught by the check for only-one-of-public-protected-private.
   2780     }
   2781     return true;
   2782   }
   2783 
   2784   // When there's code, the method must not be native or abstract.
   2785   if ((method_access_flags & (kAccNative | kAccAbstract)) != 0) {
   2786     *error_msg = StringPrintf("Method %" PRIu32 "(%s) has code, but is marked native or abstract",
   2787                               method_index,
   2788                               GetMethodDescriptionOrError(begin_, header_, method_index).c_str());
   2789     return false;
   2790   }
   2791 
   2792   // Instance constructors must not be synchronized and a few other flags.
   2793   if (is_init_by_name) {
   2794     static constexpr uint32_t kInitAllowed =
   2795         kAccPrivate | kAccProtected | kAccPublic | kAccStrict | kAccVarargs | kAccSynthetic;
   2796     if ((method_access_flags & ~kInitAllowed) != 0) {
   2797       *error_msg = StringPrintf("Constructor %" PRIu32 "(%s) flagged inappropriately %x",
   2798                                 method_index,
   2799                                 GetMethodDescriptionOrError(begin_, header_, method_index).c_str(),
   2800                                 method_access_flags);
   2801       return false;
   2802     }
   2803   }
   2804 
   2805   return true;
   2806 }
   2807 
   2808 }  // namespace art
   2809