Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6eb53142 authored by Wei Wang's avatar Wei Wang
Browse files

Enforce argument check on setThreadGroup and friends 

in android/os/Process.java
@param group The target group for this thread from THREAD_GROUP_*.

However, there is no boundary check on this.
and "SchedPolicy sp = (SchedPolicy) grp;" is an undefined behavior.

Fixes: 142097996
Test: boot
Change-Id: I8f6f9f5527903aa8b311c419a2ec803b4894cf8f
parent 496d47ab

core/jni/android_util_Process.cpp

+18 −0
Original line number Diff line number Diff line
@@ -191,9 +191,21 @@ jint android_os_Process_getGidForName(JNIEnv* env, jobject clazz, jstring name) 
    return -1;

}



static bool verifyGroup(JNIEnv* env, int grp)

{

    if (grp < SP_DEFAULT || grp  >= SP_CNT) {

        signalExceptionForError(env, EINVAL, grp);

        return false;

    }

    return true;

}



void android_os_Process_setThreadGroup(JNIEnv* env, jobject clazz, int tid, jint grp)

{

    ALOGV("%s tid=%d grp=%" PRId32, __func__, tid, grp);

    if (!verifyGroup(env, grp)) {

        return;

    }

    SchedPolicy sp = (SchedPolicy) grp;

    int res = set_sched_policy(tid, sp);

    if (res != NO_ERROR) {
@@ -204,6 +216,9 @@ void android_os_Process_setThreadGroup(JNIEnv* env, jobject clazz, int tid, jint 
void android_os_Process_setThreadGroupAndCpuset(JNIEnv* env, jobject clazz, int tid, jint grp)

{

    ALOGV("%s tid=%d grp=%" PRId32, __func__, tid, grp);

    if (!verifyGroup(env, grp)) {

        return;

    }

    SchedPolicy sp = (SchedPolicy) grp;

    int res = set_sched_policy(tid, sp);
@@ -234,6 +249,9 @@ void android_os_Process_setProcessGroup(JNIEnv* env, jobject clazz, int pid, jin 
        grp = SP_FOREGROUND;

        isDefault = true;

    }

    if (!verifyGroup(env, grp)) {

        return;

    }

    SchedPolicy sp = (SchedPolicy) grp;



    if (kDebugPolicy) {