From 07f0621463e7b480c86ddba3e72d3fb9f0ae820f Mon Sep 17 00:00:00 2001
From: Alex Light
Date: Thu, 1 Jun 2017 14:01:43 -0700
Subject: Fix redefinition related use-after-free bug

A redefinition that failed with JVMTI_ERROR_FAILS_VERIFICATION could cause a use-after-free of java DexCache objects if a art::DexFile* that aliases the one created for the failed redefinition is created.

Bug: 62237378
Test: ./test.py --host -j40
Change-Id: Ia080dfa6c702b2e3a735c4c3cd80ca3974386934
---
runtime/class_linker.h | 7 +++++++
1 file changed, 7 insertions(+)
(limited to 'runtime/class_linker.h')
diff --git a/runtime/class_linker.h b/runtime/class_linker.h
index 205ea1e496..fad6e9ebbf 100644
--- a/runtime/class_linker.h
+++ b/runtime/class_linker.h
@@ -385,6 +385,13 @@ class ClassLinker {
 REQUIRES_SHARED(Locks::mutator_lock_)
 REQUIRES(!Locks::dex_lock_, !Roles::uninterruptible_);
+ // Directly register an already existing dex cache. RegisterDexFile should be preferred since that
+ // reduplicates DexCaches when possible. The DexCache given to this function must already be fully
+ // initialized and not already registered.
+ void RegisterExistingDexCache(ObjPtr cache,
+ ObjPtr class_loader)
+ REQUIRES(!Locks::dex_lock_)
+ REQUIRES_SHARED(Locks::mutator_lock_);
 ObjPtr RegisterDexFile(const DexFile& dex_file,
 ObjPtr class_loader)
 REQUIRES(!Locks::dex_lock_)
-- cgit v1.2.3-59-g8ed1b
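Review bot: The comment added above `RegisterExistingDexCache` says RegisterDexFile "reduplicates DexCaches when possible", which reads as the opposite of what is presumably meant; `deduplicates` would match the stated reason for preferring it. The two preconditions (cache fully initialized, not already registered) are stated only in prose, and because this commit fixes a use-after-free around an aliased `art::DexFile*`, the comment should also say what the caller must guarantee about the lifetime of the DexFile backing the cache, e.g. `// The caller must keep the cache's DexFile alive for as long as the cache stays registered.`. The definition is not part of this page (the view is limited to class_linker.h), so whether those preconditions are checked there cannot be confirmed from here. If they are not, a debug-build check in the definition that the cache's dex file is not already registered would make a violated precondition fail at the call instead of surfacing later as memory corruption.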