commit ebeaf8f7c88af0917f4b7b1137dd78d56d66dd59
author Brian Carlstrom <bdc@google.com> Wed Jun 25 16:29:31 2014 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Jun 25 03:39:25 2014 +0000
tree 2ff86eaa9a7665b97437c1cab46848658a441026
parent fe6bfba3153ab55dab3ec0d644d628136e5ff0a4
parent 45d26c86b00580593067ca42091ad66cf7dc4f7c

Merge "Treat larger than jint capacity in NewDirectByteBuffer as an error"

runtime/check_jni.cc

diff --git a/runtime/check_jni.cc b/runtime/check_jni.cc
index a816489..fefb907 100644
--- a/runtime/check_jni.cc
+++ b/runtime/check_jni.cc
@@ -1757,9 +1757,7 @@
     CHECK_JNI_ENTRY(kFlag_Default, "EpJ", env, address, capacity);
     if (address == nullptr) {
       JniAbortF(__FUNCTION__, "non-nullable address is NULL");
-    }
-    if (capacity < 0) {
-      JniAbortF(__FUNCTION__, "capacity must be non-negative: %" PRId64, capacity);
+      return nullptr;
     }
     return CHECK_JNI_EXIT("L", baseEnv(env)->NewDirectByteBuffer(env, address, capacity));
   }

runtime/jni_internal.cc

diff --git a/runtime/jni_internal.cc b/runtime/jni_internal.cc
index 513b409..2fadfb0 100644
--- a/runtime/jni_internal.cc
+++ b/runtime/jni_internal.cc
@@ -2447,13 +2447,18 @@
   static jobject NewDirectByteBuffer(JNIEnv* env, void* address, jlong capacity) {
     if (capacity < 0) {
       JniAbortF("NewDirectByteBuffer", "negative buffer capacity: %" PRId64, capacity);
+      return nullptr;
     }
     if (address == nullptr && capacity != 0) {
       JniAbortF("NewDirectByteBuffer", "non-zero capacity for nullptr pointer: %" PRId64, capacity);
+      return nullptr;
     }
 
-    // At the moment, the capacity is limited to 32 bits.
-    CHECK_LE(capacity, 0xffffffff);
+    // At the moment, the capacity is limited to a jint (31 bits).
+    if (capacity > INT_MAX) {
+      JniAbortF("NewDirectByteBuffer", "buffer capacity greater than maximum jint: %" PRId64, capacity);
+      return nullptr;
+    }
     jlong address_arg = reinterpret_cast<jlong>(address);
     jint capacity_arg = static_cast<jint>(capacity);
 

runtime/jni_internal_test.cc

diff --git a/runtime/jni_internal_test.cc b/runtime/jni_internal_test.cc
index 5e46c57..218ae95 100644
--- a/runtime/jni_internal_test.cc
+++ b/runtime/jni_internal_test.cc
@@ -1515,6 +1515,12 @@
   ASSERT_TRUE(env_->IsInstanceOf(buffer, buffer_class));
   ASSERT_EQ(env_->GetDirectBufferAddress(buffer), bytes);
   ASSERT_EQ(env_->GetDirectBufferCapacity(buffer), static_cast<jlong>(sizeof(bytes)));
+
+  {
+    CheckJniAbortCatcher check_jni_abort_catcher;
+    env_->NewDirectByteBuffer(bytes, static_cast<jlong>(INT_MAX) * 2);
+    check_jni_abort_catcher.Check("in call to NewDirectByteBuffer");
+  }
 }
 
 TEST_F(JniInternalTest, MonitorEnterExit) {
@@ -1568,7 +1574,6 @@
     CheckJniAbortCatcher check_jni_abort_catcher;
     env_->MonitorEnter(nullptr);
     check_jni_abort_catcher.Check("in call to MonitorEnter");
-
     env_->MonitorExit(nullptr);
     check_jni_abort_catcher.Check("in call to MonitorExit");
   }