
Commit 3d49ac46 authored by Hans Boehm's avatar Hans Boehm

Fix ApkAssets mNativePtr accesses

Actually acquire the monitor it claims to be guarded by. Since it was a
final field, it's still not entirely clear what that means.

Clear mNativePtr when we deallocate its referent. This prevents native
heap corruption if methods here are called from another finalizer.
Remove mOpen and use mNativePtr instead.

This probably does not fix the bug below. But let's get rid of the
possible heap corruption source we know about.

Bug: 159041693
Test: Build and boot
Change-Id: I6f0f6250ca8b6a4274c346ae99f1f94cab5844e1
parent 9185c90a
+10 −9
@@ -101,14 +101,11 @@ public final class ApkAssets {
    public @interface FormatType {}

    @GuardedBy("this")
    private final long mNativePtr;
    private long mNativePtr;  // final, except cleared in finalizer.

    @Nullable
    @GuardedBy("this")
    private final StringBlock mStringBlock;

    @GuardedBy("this")
    private boolean mOpen = true;
    private final StringBlock mStringBlock;  // null or closed if mNativePtr = 0.

    @PropertyFlags
    private final int mFlags;
@@ -380,13 +377,17 @@ public final class ApkAssets {
    /** @hide */
    @Nullable
    public OverlayableInfo getOverlayableInfo(String overlayableName) throws IOException {
        synchronized (this) {
            return nativeGetOverlayableInfo(mNativePtr, overlayableName);
        }
    }

    /** @hide */
    public boolean definesOverlayable() throws IOException {
        synchronized (this) {
            return nativeDefinesOverlayable(mNativePtr);
        }
    }

    /**
     * Returns false if the underlying APK was changed since this ApkAssets was loaded.
@@ -412,12 +413,12 @@ public final class ApkAssets {
     */
    public void close() {
        synchronized (this) {
            if (mOpen) {
                mOpen = false;
            if (mNativePtr != 0) {
                if (mStringBlock != null) {
                    mStringBlock.close();
                }
                nativeDestroy(mNativePtr);
                mNativePtr = 0;
            }
        }
    }
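Review bot: The native calls in getOverlayableInfo and definesOverlayable now hold the monitor but still pass mNativePtr unchecked, and with this change close() leaves that field at 0. Whether nativeGetOverlayableInfo and nativeDefinesOverlayable tolerate a zero handle is not visible on this page; if they do not, a call after close() (the commit message mentions calls from another finalizer) trades a use-after-free for a null dereference in native code instead of a Java-level error. Consider a guard inside each synchronized block, e.g. `if (mNativePtr == 0) throw new IllegalStateException("ApkAssets is closed");`, and the same for any other reader of mNativePtr outside these hunks. The field comment `// final, except cleared in finalizer.` would also read more accurately as `// Effectively final; set to 0 by close().`, since close() is where the clearing happens in the lines shown.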