Fix JNI abort due to mismatched critical get/release call.

ReleasePrimitiveArrayCritical need to be called after GetPrimitiveArrayCritical. However doRunAdvance or doOffsetForAdvance may call JNI::DeleteGlobalRef if the SkTypeface is gone due to cache overflow. Thus, use GetArrayElements/ReleaseArrayElements with ScopedCharArrayRO. Bug: 70660389 Test: Test app attached to the bug. Change-Id: Ied8e74588783f11b437c3f2c6ea726a9c6d2fc9e
author: Seigo Nonaka <nona@google.com> 2018-01-27 15:08:25 -0800
committer: Seigo Nonaka <nona@google.com> 2018-01-27 15:16:12 -0800
commit: ee23f61873497efc70045cc4794be9fdf18eed9f (patch)
tree: 414937e7e5575b2b8854a4a9bbd9568120aaae7b
parent: b443123538268d7b1ab0e0d74e3e9e0b25162e72 (diff)
1 files changed, 5 insertions, 6 deletions
diff --git a/core/jni/android/graphics/Paint.cpp b/core/jni/android/graphics/Paint.cpp
index 49cbb545b019..115d0d5a608b 100644
--- a/core/jni/android/graphics/Paint.cpp
+++ b/core/jni/android/graphics/Paint.cpp
@@ -24,6 +24,7 @@
 #include "core_jni_helpers.h"
 #include <nativehelper/ScopedStringChars.h>
 #include <nativehelper/ScopedUtfChars.h>
+#include <nativehelper/ScopedPrimitiveArray.h>
 
 #include "SkBlurDrawLooper.h"
 #include "SkColorFilter.h"
@@ -515,11 +516,10 @@ namespace PaintGlue {
             jint start, jint end, jint contextStart, jint contextEnd, jboolean isRtl, jint offset) {
         const Paint* paint = reinterpret_cast<Paint*>(paintHandle);
         const Typeface* typeface = paint->getAndroidTypeface();
-        jchar* textArray = (jchar*) env->GetPrimitiveArrayCritical(text, nullptr);
-        jfloat result = doRunAdvance(paint, typeface, textArray + contextStart,
+        ScopedCharArrayRO textArray(env, text);
+        jfloat result = doRunAdvance(paint, typeface, textArray.get() + contextStart,
                 start - contextStart, end - start, contextEnd - contextStart, isRtl,
                 offset - contextStart);
-        env->ReleasePrimitiveArrayCritical(text, textArray, JNI_ABORT);
         return result;
     }
 
@@ -537,11 +537,10 @@ namespace PaintGlue {
             jboolean isRtl, jfloat advance) {
         const Paint* paint = reinterpret_cast<Paint*>(paintHandle);
         const Typeface* typeface = paint->getAndroidTypeface();
-        jchar* textArray = (jchar*) env->GetPrimitiveArrayCritical(text, nullptr);
-        jint result = doOffsetForAdvance(paint, typeface, textArray + contextStart,
+        ScopedCharArrayRO textArray(env, text);
+        jint result = doOffsetForAdvance(paint, typeface, textArray.get() + contextStart,
                 start - contextStart, end - start, contextEnd - contextStart, isRtl, advance);
         result += contextStart;
-        env->ReleasePrimitiveArrayCritical(text, textArray, JNI_ABORT);
         return result;
     }
author	Seigo Nonaka <nona@google.com>	2018-01-27 15:08:25 -0800
committer	Seigo Nonaka <nona@google.com>	2018-01-27 15:16:12 -0800
commit	ee23f61873497efc70045cc4794be9fdf18eed9f (patch)
tree	414937e7e5575b2b8854a4a9bbd9568120aaae7b
parent	b443123538268d7b1ab0e0d74e3e9e0b25162e72 (diff)