Use correct type for GetValueFromShadowFrame

The field type is not necessarily the input type for boxed primitives. If the field type is < 32 bits, it means there will be partial object pointer in the JValue. If a conversion check is later needed in GetUnboxedTypeAndValue, it will crash. The fix is to use the PTypes. Bug: 37446461 Test: test-art-host Change-Id: I0c4b405f0c13910523b98a87ef12b9f302a5e241
author: Mathieu Chartier <mathieuc@google.com> 2017-04-17 20:12:29 -0700
committer: Mathieu Chartier <mathieuc@google.com> 2017-04-18 09:49:40 -0700
commit: 71b1708f1e610143dc657e370f85eebbde4a900e (patch)
tree: 165b24e1d70cdc3d92f845f8eb7485f2a9d3e061 /runtime
parent: 27fb1dc467effbd8df43e6207743fdb7bcee4044 (diff)
1 files changed, 22 insertions, 4 deletions
diff --git a/runtime/method_handles.cc b/runtime/method_handles.cc
index bd7c4ad53c..b6f8a173c0 100644
--- a/runtime/method_handles.cc
+++ b/runtime/method_handles.cc
@@ -925,8 +925,17 @@ bool DoInvokePolymorphicFieldAccess(Thread* self,
     case mirror::MethodHandle::kInstancePut: {
       size_t obj_reg = is_range ? first_arg : args[0];
       size_t value_reg = is_range ? (first_arg + 1) : args[1];
-      JValue value = GetValueFromShadowFrame(shadow_frame, field_type, value_reg);
-      if (do_conversions && !ConvertArgumentValue(callsite_type, handle_type, 1, &value)) {
+      const size_t kPTypeIndex = 1;
+      // Use ptypes instead of field type since we may be unboxing a reference for a primitive
+      // field. The field type is incorrect for this case.
+      JValue value = GetValueFromShadowFrame(
+          shadow_frame,
+          callsite_type->GetPTypes()->Get(kPTypeIndex)->GetPrimitiveType(),
+          value_reg);
+      if (do_conversions && !ConvertArgumentValue(callsite_type,
+                                                  handle_type,
+                                                  kPTypeIndex,
+                                                  &value)) {
         DCHECK(self->IsExceptionPending());
         return false;
       }
@@ -940,8 +949,17 @@ bool DoInvokePolymorphicFieldAccess(Thread* self,
         return false;
       }
       size_t value_reg = is_range ? first_arg : args[0];
-      JValue value = GetValueFromShadowFrame(shadow_frame, field_type, value_reg);
-      if (do_conversions && !ConvertArgumentValue(callsite_type, handle_type, 0, &value)) {
+      const size_t kPTypeIndex = 0;
+      // Use ptypes instead of field type since we may be unboxing a reference for a primitive
+      // field. The field type is incorrect for this case.
+      JValue value = GetValueFromShadowFrame(
+          shadow_frame,
+          callsite_type->GetPTypes()->Get(kPTypeIndex)->GetPrimitiveType(),
+          value_reg);
+      if (do_conversions && !ConvertArgumentValue(callsite_type,
+                                                  handle_type,
+                                                  kPTypeIndex,
+                                                  &value)) {
         DCHECK(self->IsExceptionPending());
         return false;
       }
author	Mathieu Chartier <mathieuc@google.com>	2017-04-17 20:12:29 -0700
committer	Mathieu Chartier <mathieuc@google.com>	2017-04-18 09:49:40 -0700
commit	71b1708f1e610143dc657e370f85eebbde4a900e (patch)
tree	165b24e1d70cdc3d92f845f8eb7485f2a9d3e061 /runtime
parent	27fb1dc467effbd8df43e6207743fdb7bcee4044 (diff)