| author | Alex Light <allight@google.com> | 2019-12-12 16:13:47 -0800 | 
|---|---|---|
| committer | Alex Light <allight@google.com> | 2019-12-13 23:15:02 +0000 | 
| commit | 4847a071380288033e128986947d445e97827e5e (patch) | |
| tree | 6dd09fa436f1be772713f39926701ad266c337e3 /test/MultiDexModifiedSecondary/Second.java | |
| parent | 92e99406d1704a14a1969e2909986f590e980010 (diff) | |
Fix issue with observing invalid thread state.

Threads have two references to their java.lang.Thread peers,
'tlsPtr_.opeer' and 'tlsPtr_.jpeer'. The opeer is a direct
mirror::Object* which is used while the thread is running. The jpeer
is a global jobject used during early thread startup. As part of
thread startup the new thread will delete and clear the 'jpeer' and
only use 'opeer' from then on. A minor (DCHECK'd) consistency
guarantee is that only one of these fields can be observed to be set
at a time. Using JNI function table replacement it is possible to
execute JNI functions just before the DeleteGlobalRef of the jpeer. If
one calls other thread functions (such as through GetThreadInfo) these
functions may DCHECK that jpeer is cleared. This would fail since
jpeer wasn't cleared until after the DeleteGlobalRef returns.

This fixes the bug by clearing the 'jpeer' field before calling
DeleteGlobalRef.

Test: ./test.py --host
Bug: 146170834
Change-Id: I7e7941912a69fad9e75bbb55643eee0fa5d8a47d
Diffstat (limited to 'test/MultiDexModifiedSecondary/Second.java')
0 files changed, 0 insertions, 0 deletions
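
The ordering problem the commit message describes, as an added example that is not code from this commit or from ART. Only the field names opeer and jpeer come from the message; `ModelThread`, `ModelDeleteGlobalRef`, the hook and both startup functions are hypothetical stand-ins, and the model assumes opeer is already set when the jpeer is deleted.

```cpp
#include <cstdio>
#include <functional>

// Simplified model (assumption): these are not ART's real types.
struct ModelThread {
  void* opeer = nullptr;  // direct object pointer, used while running
  void* jpeer = nullptr;  // global reference, used only during early startup
};

// Stand-in for a replaced JNI function table entry: the tool's hook runs
// just before the real DeleteGlobalRef would free the reference.
using Hook = std::function<void()>;
void ModelDeleteGlobalRef(void* ref, const Hook& hook) {
  hook();     // tool-supplied code observes thread state here
  (void)ref;  // a real implementation would release the reference here
}

// The consistency guarantee: at most one of the two fields is set.
bool OnlyOnePeerSet(const ModelThread& t) {
  return !(t.opeer != nullptr && t.jpeer != nullptr);
}

// Old order: delete, then clear. The hook can observe both fields set.
bool StartupDeleteThenClear(ModelThread& t, void* peer_obj) {
  bool ok = true;
  t.opeer = peer_obj;
  ModelDeleteGlobalRef(t.jpeer, [&] { ok = OnlyOnePeerSet(t); });
  t.jpeer = nullptr;
  return ok;
}

// Fixed order: keep a local copy, clear the field, then delete the copy.
bool StartupClearThenDelete(ModelThread& t, void* peer_obj) {
  bool ok = true;
  t.opeer = peer_obj;
  void* old_jpeer = t.jpeer;
  t.jpeer = nullptr;
  ModelDeleteGlobalRef(old_jpeer, [&] { ok = OnlyOnePeerSet(t); });
  return ok;
}

int main() {
  int obj = 0, ref = 0;  // constructed placeholders for the peer and its ref
  ModelThread a; a.jpeer = &ref;
  ModelThread b; b.jpeer = &ref;
  std::printf("delete-then-clear held: %d\n", StartupDeleteThenClear(a, &obj));
  std::printf("clear-then-delete held: %d\n", StartupClearThenDelete(b, &obj));
  return 0;
}
```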
