commit 358bcaf13ec288ee45be8fc53cb09170c1b8a8f1
author Sebastien Hertz <shertz@google.com> Wed Oct 21 16:18:58 2015 +0200
committer Sebastien Hertz <shertz@google.com> Wed Oct 21 16:22:59 2015 +0200
tree cee1b848ae498b4d59b88c4273b3c4544d6b430a
parent 66e33f1906be899f140d5fe2a657db4e3993106e

JDWP: fix possible JdwpEvent memory leak

Fixes possible memory leak when registering new JdwpEvent but the
Count modifier is invalid. This is done by using a std::unique_ptr
with a custom delete function. It also allows to easily introduce
more modifier checks in the future.

Bug: 14076832
Change-Id: I339ffb1297165ff85ab924e5e7618d336df5612b

runtime/jdwp/jdwp_handler.cc

diff --git a/runtime/jdwp/jdwp_handler.cc b/runtime/jdwp/jdwp_handler.cc
index 5427a58..df6936b 100644
--- a/runtime/jdwp/jdwp_handler.cc
+++ b/runtime/jdwp/jdwp_handler.cc
@@ -1171,6 +1171,13 @@
   return VM_AllClassesImpl(pReply, false, false);
 }
 
+// Delete function class to use std::unique_ptr with JdwpEvent.
+struct JdwpEventDeleter {
+  void operator()(JdwpEvent* event) {
+    EventFree(event);
+  }
+};
+
 /*
  * Set an event trigger.
  *
@@ -1184,7 +1191,7 @@
 
   CHECK_LT(modifier_count, 256);    /* reasonableness check */
 
-  JdwpEvent* pEvent = EventAlloc(modifier_count);
+  std::unique_ptr<JDWP::JdwpEvent, JdwpEventDeleter> pEvent(EventAlloc(modifier_count));
   pEvent->eventKind = event_kind;
   pEvent->suspend_policy = suspend_policy;
   pEvent->modCount = modifier_count;
@@ -1293,8 +1300,6 @@
       break;
     default:
       LOG(WARNING) << "Unsupported modifier " << mod.modKind << " for event " << pEvent->eventKind;
-      // Free allocated event to avoid leak before leaving.
-      EventFree(pEvent);
       return JDWP::ERR_NOT_IMPLEMENTED;
     }
   }
@@ -1310,13 +1315,14 @@
   VLOG(jdwp) << StringPrintf("    --> event requestId=%#x", requestId);
 
   /* add it to the list */
-  JdwpError err = state->RegisterEvent(pEvent);
+  JdwpError err = state->RegisterEvent(pEvent.get());
   if (err != ERR_NONE) {
     /* registration failed, probably because event is bogus */
-    EventFree(pEvent);
     LOG(WARNING) << "WARNING: event request rejected";
+    return err;
   }
-  return err;
+  pEvent.release();
+  return ERR_NONE;
 }
 
 static JdwpError ER_Clear(JdwpState* state, Request* request, ExpandBuf*)