From fa65e846362829d6e444bd88b12fe2496b3d5647 Mon Sep 17 00:00:00 2001
From: Sebastien Hertz <shertz@google.com>
Date: Thu, 3 Jul 2014 09:39:53 +0200
Subject: More checks in JNI RegisterNatives

Throws NoSuchMethodError (and returns JNI_ERR) when given method name, method
signature or native function is null.

Bug: https://code.google.com/p/android/issues/detail?id=72293
Bug: 15886341
Change-Id: I1c0582d54031eaa58a6025a2417d65090a2a622a
---
 runtime/jni_internal.cc | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

(limited to 'runtime/jni_internal.cc')

diff --git a/runtime/jni_internal.cc b/runtime/jni_internal.cc
index 0624281c20..845691d182 100644
--- a/runtime/jni_internal.cc
+++ b/runtime/jni_internal.cc
@@ -112,6 +112,17 @@ static void ThrowNoSuchMethodError(ScopedObjectAccess& soa, mirror::Class* c,
                                  kind, c->GetDescriptor().c_str(), name, sig);
 }
 
+static void ReportInvalidJNINativeMethod(const ScopedObjectAccess& soa, mirror::Class* c,
+                                         const char* kind, jint idx, bool return_errors)
+    SHARED_LOCKS_REQUIRED(Locks::mutator_lock_) {
+  LOG(return_errors ? ERROR : FATAL) << "Failed to register native method in "
+      << PrettyDescriptor(c) << " in " << c->GetDexCache()->GetLocation()->ToModifiedUtf8()
+      << ": " << kind << " is null at index " << idx;
+  ThrowLocation throw_location = soa.Self()->GetCurrentLocationForThrow();
+  soa.Self()->ThrowNewExceptionF(throw_location, "Ljava/lang/NoSuchMethodError;",
+                                 "%s is null at index %d", kind, idx);
+}
+
 static mirror::Class* EnsureInitialized(Thread* self, mirror::Class* klass)
     SHARED_LOCKS_REQUIRED(Locks::mutator_lock_) {
   if (LIKELY(klass->IsInitialized())) {
@@ -2357,6 +2368,17 @@ class JNI {
     for (jint i = 0; i < method_count; ++i) {
       const char* name = methods[i].name;
       const char* sig = methods[i].signature;
+      const void* fnPtr = methods[i].fnPtr;
+      if (UNLIKELY(name == nullptr)) {
+        ReportInvalidJNINativeMethod(soa, c, "method name", i, return_errors);
+        return JNI_ERR;
+      } else if (UNLIKELY(sig == nullptr)) {
+        ReportInvalidJNINativeMethod(soa, c, "method signature", i, return_errors);
+        return JNI_ERR;
+      } else if (UNLIKELY(fnPtr == nullptr)) {
+        ReportInvalidJNINativeMethod(soa, c, "native function", i, return_errors);
+        return JNI_ERR;
+      }
       bool is_fast = false;
       if (*sig == '!') {
         is_fast = true;
@@ -2384,7 +2406,7 @@ class JNI {
 
       VLOG(jni) << "[Registering JNI native method " << PrettyMethod(m) << "]";
 
-      m->RegisterNative(soa.Self(), methods[i].fnPtr, is_fast);
+      m->RegisterNative(soa.Self(), fnPtr, is_fast);
     }
     return JNI_OK;
   }
-- 
cgit v1.2.3