
Commit ee23f618 authored by Seigo Nonaka

Fix JNI abort due to mismatched critical get/release call.

ReleasePrimitiveArrayCritical needs to be called after
GetPrimitiveArrayCritical. However, doRunAdvance or doOffsetForAdvance
may call JNI::DeleteGlobalRef if the SkTypeface is gone due to cache
overflow. Thus, use GetArrayElements/ReleaseArrayElements with
ScopedCharArrayRO.

Bug: 70660389
Test: Test app attached to the bug.
Change-Id: Ied8e74588783f11b437c3f2c6ea726a9c6d2fc9e
parent b4431235
+5 −6
@@ -24,6 +24,7 @@
#include "core_jni_helpers.h"
#include <nativehelper/ScopedStringChars.h>
#include <nativehelper/ScopedUtfChars.h>
#include <nativehelper/ScopedPrimitiveArray.h>

#include "SkBlurDrawLooper.h"
#include "SkColorFilter.h"
@@ -515,11 +516,10 @@ namespace PaintGlue {
            jint start, jint end, jint contextStart, jint contextEnd, jboolean isRtl, jint offset) {
        const Paint* paint = reinterpret_cast<Paint*>(paintHandle);
        const Typeface* typeface = paint->getAndroidTypeface();
        jchar* textArray = (jchar*) env->GetPrimitiveArrayCritical(text, nullptr);
        jfloat result = doRunAdvance(paint, typeface, textArray + contextStart,
        ScopedCharArrayRO textArray(env, text);
        jfloat result = doRunAdvance(paint, typeface, textArray.get() + contextStart,
                start - contextStart, end - start, contextEnd - contextStart, isRtl,
                offset - contextStart);
        env->ReleasePrimitiveArrayCritical(text, textArray, JNI_ABORT);
        return result;
    }

@@ -537,11 +537,10 @@ namespace PaintGlue {
            jboolean isRtl, jfloat advance) {
        const Paint* paint = reinterpret_cast<Paint*>(paintHandle);
        const Typeface* typeface = paint->getAndroidTypeface();
        jchar* textArray = (jchar*) env->GetPrimitiveArrayCritical(text, nullptr);
        jint result = doOffsetForAdvance(paint, typeface, textArray + contextStart,
        ScopedCharArrayRO textArray(env, text);
        jint result = doOffsetForAdvance(paint, typeface, textArray.get() + contextStart,
                start - contextStart, end - start, contextEnd - contextStart, isRtl, advance);
        result += contextStart;
        env->ReleasePrimitiveArrayCritical(text, textArray, JNI_ABORT);
        return result;
    }
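Review bot: Neither rewritten function checks `textArray.get()` before adding `contextStart` to it and passing the result to doRunAdvance / doOffsetForAdvance. ScopedCharArrayRO leaves its raw pointer null when `text` is null or when GetCharArrayElements fails (a Java exception is pending in both cases), so the native text code would receive a pointer derived from null. Add `if (textArray.get() == nullptr) return 0;` right after each `ScopedCharArrayRO textArray(env, text);` line. The visible lines also do not compare `contextStart`/`contextEnd` with `textArray.size()`; that is presumably validated by the Java caller, and a short comment saying so would help the next reader. Both function bodies start outside the hunks shown.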