The JDK 1.1.1 bytecode verifier does not check that the number of arguments passed into a method is less than the amount of space allocated to local variables for that method, in its MAXLOCAL classfile attribute. So, if a method is given more arguments than it has room for in the space allotted to its local variables, this could cause a stack overflow, most likely leading to the JVM crashing. There is no known security attack based on this verifier bug, but since the bug relates to classloading, which has been the basis for security attacks in the past, it is appropriate to issue a fix.

With two additional safety checks in the native C code that implements the classloader, this bug is now fixed in the JDK 1.1.2 verifier.

• Check that the number of arguments is smaller than the number of local variables.
• Check that the number of arguments is fewer than 255, to match the Java Virtual Machine specification.