author | 2017-06-22 16:33:08 -0700 | |
committer | 2017-06-22 16:33:08 -0700 | |
commit | ad9173df1f1707fb1f72b19b8b8a6902738cb410 (patch) | |
tree | d97e1ca7dff4b431cbd752e5cda34258a046ee7a | |
parent | a08c9bbe02073d34358c15e3339fa47ed49c39fc (diff) |
ART: Fix use-after-free
Fix use-after-free because of vector resize.
Bug: 62353392
Test: m test-art-host
Test: SANITIZE_HOST=address art/test/testrunner/testrunner.py -b --host -t 911
Change-Id: If6d925cb73d9e926ee90714e8682530e1990edf4
-rw-r--r-- | runtime/openjdkjvmti/ti_stack.cc | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/runtime/openjdkjvmti/ti_stack.cc b/runtime/openjdkjvmti/ti_stack.cc
index ee89372a68..a17226c55a 100644
--- a/runtime/openjdkjvmti/ti_stack.cc
+++ b/runtime/openjdkjvmti/ti_stack.cc
@@ -359,8 +359,8 @@ jvmtiError StackUtil::GetAllStackTraces(jvmtiEnv* env,
                                                     self, thread->GetPeerFromOtherThread());
       thread_peers.push_back(peer);
-      frames.emplace_back();
-      return &frames.back();
+      frames.emplace_back(new std::vector<jvmtiFrameInfo>());
+      return frames.back().get();
     }
     art::Mutex mutex;
@@ -371,7 +371,7 @@ jvmtiError StackUtil::GetAllStackTraces(jvmtiEnv* env,
     // "thread_peers" contains global references to their peers.
     std::vector<jthread> thread_peers;
-    std::vector<std::vector<jvmtiFrameInfo>> frames;
+    std::vector<std::unique_ptr<std::vector<jvmtiFrameInfo>>> frames;
   };
   AllStackTracesData data;
@@ -396,7 +396,7 @@ jvmtiError StackUtil::GetAllStackTraces(jvmtiEnv* env,
     jvmtiStackInfo& stack_info = stack_info_array.get()[index];
     memset(&stack_info, 0, sizeof(jvmtiStackInfo));
-    const std::vector<jvmtiFrameInfo>& thread_frames = data.frames[index];
+    const std::vector<jvmtiFrameInfo>& thread_frames = *data.frames[index].get();
     // For the time being, set the thread to null. We'll fix it up in the second stage.
     stack_info.thread = nullptr;
@@ -503,8 +503,8 @@ jvmtiError StackUtil::GetThreadListStackTraces(jvmtiEnv* env,
           threads.push_back(thread);
           thread_list_indices.push_back(index);
-          frames.emplace_back();
-          return &frames.back();
+          frames.emplace_back(new std::vector<jvmtiFrameInfo>());
+          return frames.back().get();
         }
       }
       return nullptr;
@@ -521,7 +521,7 @@ jvmtiError StackUtil::GetThreadListStackTraces(jvmtiEnv* env,
     std::vector<art::Thread*> threads;
     std::vector<size_t> thread_list_indices;
-    std::vector<std::vector<jvmtiFrameInfo>> frames;
+    std::vector<std::unique_ptr<std::vector<jvmtiFrameInfo>>> frames;
   };
   SelectStackTracesData data;
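Review bot: `frames.emplace_back(new std::vector<jvmtiFrameInfo>());` hands a naked `new` to the container, so if growing `frames` throws, the vector just allocated is leaked (moot if this target is built with exceptions disabled, but the naked `new` is still the non-idiomatic form for a `unique_ptr` element). `frames.emplace_back(std::make_unique<std::vector<jvmtiFrameInfo>>());` states ownership at the point of allocation with no change in behaviour. The same line appears again in the `@@ -503,8` hunk of GetThreadListStackTraces. The member function containing this line begins before the hunk.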
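Review bot: The new `std::vector<std::unique_ptr<std::vector<jvmtiFrameInfo>>> frames;` member carries the entire fix, yet nothing on the line records why the indirection exists, so a later reader may well "simplify" it back to a flat vector of vectors and reintroduce the dangling pointer this commit removes. Suggest a comment above that member, e.g. `// Each per-thread frame vector is heap-allocated so the pointer handed out while it is being filled stays valid when this outer vector reallocates.` The same comment belongs on the matching line in the `@@ -521,7` hunk.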
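Review bot: `*data.frames[index].get()` spells out what `unique_ptr::operator*` already does; `*data.frames[index]` is identical in effect and reads more directly. The same form recurs in the `@@ -558,7` hunk, whose end lies outside this view.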
@@ -558,7 +558,7 @@ jvmtiError StackUtil::GetThreadListStackTraces(jvmtiEnv* env, memset(&stack_info, 0, sizeof(jvmtiStackInfo)); art::Thread* self = data.threads[index]; - const std::vector<jvmtiFrameInfo>& thread_frames = data.frames[index]; + const std::vector<jvmtiFrameInfo>& thread_frames = *data.frames[index].get(); // For the time being, set the thread to null. We don't have good ScopedLocalRef // infrastructure. |