feat: check dex checksum before parsing (#1343)

jadx-plugins/jadx-dex-input/src/main/java/jadx/plugins/input/dex/DexFileLoader.java

@@ -18,6 +18,7 @@ import org.slf4j.LoggerFactory;
 
 import jadx.api.plugins.utils.ZipSecurity;
 import jadx.plugins.input.dex.sections.DexConsts;
+import jadx.plugins.input.dex.utils.DexCheckSum;
 
 public class DexFileLoader {
 	private static final Logger LOG = LoggerFactory.getLogger(DexFileLoader.class);
@@ -52,7 +53,9 @@ public class DexFileLoader {
 			}
 			if (isStartWithBytes(magic, DexConsts.DEX_FILE_MAGIC)) {
 				in.reset();
-				DexReader dexReader = new DexReader(getNextUniqId(), inputFileName, readAllBytes(in));
+				byte[] content = readAllBytes(in);
+				DexCheckSum.verify(content);
+				DexReader dexReader = new DexReader(getNextUniqId(), inputFileName, content);
 				return Collections.singletonList(dexReader);
 			}
 			if (file != null && isStartWithBytes(magic, DexConsts.ZIP_FILE_MAGIC)) {

jadx-plugins/jadx-dex-input/src/main/java/jadx/plugins/input/dex/utils/DexCheckSum.java

@@ -0,0 +1,25 @@
+package jadx.plugins.input.dex.utils;
+
+import java.nio.ByteBuffer;
+import java.util.zip.Adler32;
+
+import jadx.plugins.input.dex.DexException;
+
+import static java.nio.ByteOrder.LITTLE_ENDIAN;
+
+public class DexCheckSum {
+
+	public static void verify(byte[] content) {
+		int len = content.length;
+		if (len < 12) {
+			throw new DexException("Dex file truncated, length: " + len);
+		}
+		int checksum = ByteBuffer.wrap(content, 8, 4).order(LITTLE_ENDIAN).getInt();
+		Adler32 adler32 = new Adler32();
+		adler32.update(content, 12, len - 12);
+		int fileChecksum = (int) (adler32.getValue());
+		if (checksum != fileChecksum) {
+			throw new DexException(String.format("Bad checksum: 0x%08x, expected: 0x%08x", fileChecksum, checksum));
+		}
+	}
+}