Add some additional checks related to instruction size

brut.apktool.smali/dexlib2/src/main/java/org/jf/dexlib2/dexbacked/DexBackedMethodImplementation.java

@@ -41,6 +41,7 @@ import org.jf.dexlib2.iface.MethodImplementation;
 import org.jf.dexlib2.iface.debug.DebugItem;
 import org.jf.dexlib2.iface.instruction.Instruction;
 import org.jf.util.AlignmentUtils;
+import org.jf.util.ExceptionWithContext;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
@@ -77,7 +78,15 @@ public class DexBackedMethodImplementation implements MethodImplementation {
                         if (reader.getOffset() >= endOffset) {
                             return null;
                         }
-                        return DexBackedInstruction.readFrom(reader);
+
+                        Instruction instruction = DexBackedInstruction.readFrom(reader);
+
+                        // Does the instruction extend past the end of the method?
+                        int offset = reader.getOffset();
+                        if (offset > endOffset || offset < 0) {
+                            throw new ExceptionWithContext("The last instruction in the method is truncated");
+                        }
+                        return instruction;
                     }
                 };
             }

brut.apktool.smali/dexlib2/src/main/java/org/jf/dexlib2/dexbacked/instruction/DexBackedArrayPayload.java

@@ -56,6 +56,9 @@ public class DexBackedArrayPayload extends DexBackedInstruction implements Array
 
         elementWidth = dexFile.readUshort(instructionStart + ELEMENT_WIDTH_OFFSET);
         elementCount = dexFile.readSmallUint(instructionStart + ELEMENT_COUNT_OFFSET);
+        if (((long)elementWidth) * elementCount > Integer.MAX_VALUE) {
+            throw new ExceptionWithContext("Invalid array-payload instruction: element width*count overflows");
+        }
     }
 
     @Override public int getElementWidth() { return elementWidth; }