Add more checking to ReleasePrimitiveArray.
When we ReleasePrimitiveArray, we now check that the elements pointer
is not a heap address if it is not equal to the java array's data.
Bug: 12845603
Change-Id: I458862f4dc586ba1c414647c7eb81b978c4ccb7e
diff --git a/runtime/jni_internal.cc b/runtime/jni_internal.cc
index 030b213..fbaadfb 100644
--- a/runtime/jni_internal.cc
+++ b/runtime/jni_internal.cc
@@ -2650,6 +2650,16 @@
size_t bytes = array->GetLength() * component_size;
VLOG(heap) << "Release primitive array " << env << " array_data " << array_data
<< " elements " << reinterpret_cast<void*>(elements);
+ if (is_copy) {
+ // Sanity check: If elements is not the same as the java array's data, it better not be a
+ // heap address. TODO: This might be slow to check, may be worth keeping track of which
+ // copies we make?
+ if (heap->IsNonDiscontinuousSpaceHeapAddress(reinterpret_cast<mirror::Object*>(elements))) {
+ JniAbortF("ReleaseArrayElements", "invalid element pointer %p, array elements are %p",
+ reinterpret_cast<void*>(elements), array_data);
+ return;
+ }
+ }
// Don't need to copy if we had a direct pointer.
if (mode != JNI_ABORT && is_copy) {
memcpy(array_data, elements, bytes);
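Review bot: The new guard at the `IsNonDiscontinuousSpaceHeapAddress` call only rejects an `elements` pointer that lands in the continuous spaces, so a bogus or stale pointer into a discontinuous space (presumably the large-object space, where large primitive arrays would live) still passes and reaches the `memcpy` and whatever frees the copy below; the check should cover every heap space the runtime can hand out an array from, or the comment should state explicitly that large-object-space pointers are not detected. The check is also gated on `is_copy`, which the description says is derived from `elements != array_data`, so a mismatched pointer is the only case it can catch; consider noting that in the comment, e.g. `// Only reachable when elements != array_data; catches a caller passing some other heap pointer.`. The abort tag `"ReleaseArrayElements"` is not the name of any JNI entry point or of this function; using the actual function name keeps the abort attributable. The enclosing function starts before and ends after this hunk, so the free path for the copy is not visible here.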