From f94e77da7e6634937d65a9a608c504de91b53f1c Mon Sep 17 00:00:00 2001 From: Miao Wang Date: Thu, 11 Feb 2016 12:32:39 -0800 Subject: [RenderScript] Fix potential leak in RS JNI Bug: 27145639 Change-Id: I80cf2971d803a3366a63caa3612a503a88639040 (cherry picked from commit a4ad5f840173ecbfb679153a4f9460d2b06538e7) --- rs/jni/android_renderscript_RenderScript.cpp | 160 +++++++++++++++++---------- 1 file changed, 101 insertions(+), 59 deletions(-) (limited to 'rs/jni/android_renderscript_RenderScript.cpp') diff --git a/rs/jni/android_renderscript_RenderScript.cpp b/rs/jni/android_renderscript_RenderScript.cpp index 3dff37bb4505..3bef19e01e8e 100644 --- a/rs/jni/android_renderscript_RenderScript.cpp +++ b/rs/jni/android_renderscript_RenderScript.cpp @@ -2346,62 +2346,75 @@ nScriptGroupCreate(JNIEnv *_env, jobject _this, jlong con, jlongArray _kernels, ALOGD("nScriptGroupCreate, con(%p)", (RsContext)con); } + jlong id = 0; + + RsScriptKernelID* kernelsPtr; jint kernelsLen = _env->GetArrayLength(_kernels); jlong *jKernelsPtr = _env->GetLongArrayElements(_kernels, nullptr); + + RsScriptKernelID* srcPtr; + jint srcLen = _env->GetArrayLength(_src); + jlong *jSrcPtr = _env->GetLongArrayElements(_src, nullptr); + + RsScriptKernelID* dstkPtr; + jint dstkLen = _env->GetArrayLength(_dstk); + jlong *jDstkPtr = _env->GetLongArrayElements(_dstk, nullptr); + + RsScriptKernelID* dstfPtr; + jint dstfLen = _env->GetArrayLength(_dstf); + jlong *jDstfPtr = _env->GetLongArrayElements(_dstf, nullptr); + + RsType* typesPtr; + jint typesLen = _env->GetArrayLength(_types); + jlong *jTypesPtr = _env->GetLongArrayElements(_types, nullptr); + if (jKernelsPtr == nullptr) { ALOGE("Failed to get Java array elements: kernels"); - return 0; + goto cleanup; + } + if (jSrcPtr == nullptr) { + ALOGE("Failed to get Java array elements: src"); + goto cleanup; + } + if (jDstkPtr == nullptr) { + ALOGE("Failed to get Java array elements: dstk"); + goto cleanup; + } + if (jDstfPtr == nullptr) { + ALOGE("Failed to get Java array elements: dstf"); + goto cleanup; } - RsScriptKernelID* kernelsPtr = (RsScriptKernelID*) malloc(sizeof(RsScriptKernelID) * kernelsLen); + if (jTypesPtr == nullptr) { + ALOGE("Failed to get Java array elements: types"); + goto cleanup; + } + + kernelsPtr = (RsScriptKernelID*) malloc(sizeof(RsScriptKernelID) * kernelsLen); for(int i = 0; i < kernelsLen; ++i) { kernelsPtr[i] = (RsScriptKernelID)jKernelsPtr[i]; } - jint srcLen = _env->GetArrayLength(_src); - jlong *jSrcPtr = _env->GetLongArrayElements(_src, nullptr); - if (jSrcPtr == nullptr) { - ALOGE("Failed to get Java array elements: src"); - return 0; - } - RsScriptKernelID* srcPtr = (RsScriptKernelID*) malloc(sizeof(RsScriptKernelID) * srcLen); + srcPtr = (RsScriptKernelID*) malloc(sizeof(RsScriptKernelID) * srcLen); for(int i = 0; i < srcLen; ++i) { srcPtr[i] = (RsScriptKernelID)jSrcPtr[i]; } - jint dstkLen = _env->GetArrayLength(_dstk); - jlong *jDstkPtr = _env->GetLongArrayElements(_dstk, nullptr); - if (jDstkPtr == nullptr) { - ALOGE("Failed to get Java array elements: dstk"); - return 0; - } - RsScriptKernelID* dstkPtr = (RsScriptKernelID*) malloc(sizeof(RsScriptKernelID) * dstkLen); + dstkPtr = (RsScriptKernelID*) malloc(sizeof(RsScriptKernelID) * dstkLen); for(int i = 0; i < dstkLen; ++i) { dstkPtr[i] = (RsScriptKernelID)jDstkPtr[i]; } - jint dstfLen = _env->GetArrayLength(_dstf); - jlong *jDstfPtr = _env->GetLongArrayElements(_dstf, nullptr); - if (jDstfPtr == nullptr) { - ALOGE("Failed to get Java array elements: dstf"); - return 0; - } - RsScriptKernelID* dstfPtr = (RsScriptKernelID*) malloc(sizeof(RsScriptKernelID) * dstfLen); + dstfPtr = (RsScriptKernelID*) malloc(sizeof(RsScriptKernelID) * dstfLen); for(int i = 0; i < dstfLen; ++i) { dstfPtr[i] = (RsScriptKernelID)jDstfPtr[i]; } - jint typesLen = _env->GetArrayLength(_types); - jlong *jTypesPtr = _env->GetLongArrayElements(_types, nullptr); - if (jTypesPtr == nullptr) { - ALOGE("Failed to get Java array elements: types"); - return 0; - } - RsType* typesPtr = (RsType*) malloc(sizeof(RsType) * typesLen); + typesPtr = (RsType*) malloc(sizeof(RsType) * typesLen); for(int i = 0; i < typesLen; ++i) { typesPtr[i] = (RsType)jTypesPtr[i]; } - jlong id = (jlong)(uintptr_t)rsScriptGroupCreate((RsContext)con, + id = (jlong)(uintptr_t)rsScriptGroupCreate((RsContext)con, (RsScriptKernelID *)kernelsPtr, kernelsLen * sizeof(RsScriptKernelID), (RsScriptKernelID *)srcPtr, srcLen * sizeof(RsScriptKernelID), (RsScriptKernelID *)dstkPtr, dstkLen * sizeof(RsScriptKernelID), @@ -2413,11 +2426,24 @@ nScriptGroupCreate(JNIEnv *_env, jobject _this, jlong con, jlongArray _kernels, free(dstkPtr); free(dstfPtr); free(typesPtr); - _env->ReleaseLongArrayElements(_kernels, jKernelsPtr, 0); - _env->ReleaseLongArrayElements(_src, jSrcPtr, 0); - _env->ReleaseLongArrayElements(_dstk, jDstkPtr, 0); - _env->ReleaseLongArrayElements(_dstf, jDstfPtr, 0); - _env->ReleaseLongArrayElements(_types, jTypesPtr, 0); + +cleanup: + if (jKernelsPtr != nullptr) { + _env->ReleaseLongArrayElements(_kernels, jKernelsPtr, 0); + } + if (jSrcPtr != nullptr) { + _env->ReleaseLongArrayElements(_src, jSrcPtr, 0); + } + if (jDstkPtr != nullptr) { + _env->ReleaseLongArrayElements(_dstk, jDstkPtr, 0); + } + if (jDstfPtr != nullptr) { + _env->ReleaseLongArrayElements(_dstf, jDstfPtr, 0); + } + if (jTypesPtr != nullptr) { + _env->ReleaseLongArrayElements(_types, jTypesPtr, 0); + } + return id; } @@ -2662,45 +2688,61 @@ nMeshCreate(JNIEnv *_env, jobject _this, jlong con, jlongArray _vtx, jlongArray ALOGD("nMeshCreate, con(%p)", (RsContext)con); } + jlong id = 0; + + RsAllocation* vtxPtr; jint vtxLen = _env->GetArrayLength(_vtx); jlong *jVtxPtr = _env->GetLongArrayElements(_vtx, nullptr); + + RsAllocation* idxPtr; + jint idxLen = _env->GetArrayLength(_idx); + jlong *jIdxPtr = _env->GetLongArrayElements(_idx, nullptr); + + jint primLen = _env->GetArrayLength(_prim); + jint *primPtr = _env->GetIntArrayElements(_prim, nullptr); + if (jVtxPtr == nullptr) { ALOGE("Failed to get Java array elements: vtx"); - return 0; + goto cleanupMesh; + } + if (jIdxPtr == nullptr) { + ALOGE("Failed to get Java array elements: idx"); + goto cleanupMesh; + } + if (primPtr == nullptr) { + ALOGE("Failed to get Java array elements: prim"); + goto cleanupMesh; } - RsAllocation* vtxPtr = (RsAllocation*) malloc(sizeof(RsAllocation) * vtxLen); + + vtxPtr = (RsAllocation*) malloc(sizeof(RsAllocation) * vtxLen); for(int i = 0; i < vtxLen; ++i) { vtxPtr[i] = (RsAllocation)(uintptr_t)jVtxPtr[i]; } - jint idxLen = _env->GetArrayLength(_idx); - jlong *jIdxPtr = _env->GetLongArrayElements(_idx, nullptr); - if (jIdxPtr == nullptr) { - ALOGE("Failed to get Java array elements: idx"); - return 0; - } - RsAllocation* idxPtr = (RsAllocation*) malloc(sizeof(RsAllocation) * idxLen); + idxPtr = (RsAllocation*) malloc(sizeof(RsAllocation) * idxLen); for(int i = 0; i < idxLen; ++i) { idxPtr[i] = (RsAllocation)(uintptr_t)jIdxPtr[i]; } - jint primLen = _env->GetArrayLength(_prim); - jint *primPtr = _env->GetIntArrayElements(_prim, nullptr); - if (primPtr == nullptr) { - ALOGE("Failed to get Java array elements: prim"); - return 0; - } - - jlong id = (jlong)(uintptr_t)rsMeshCreate((RsContext)con, - (RsAllocation *)vtxPtr, vtxLen, - (RsAllocation *)idxPtr, idxLen, - (uint32_t *)primPtr, primLen); + id = (jlong)(uintptr_t)rsMeshCreate((RsContext)con, + (RsAllocation *)vtxPtr, vtxLen, + (RsAllocation *)idxPtr, idxLen, + (uint32_t *)primPtr, primLen); free(vtxPtr); free(idxPtr); - _env->ReleaseLongArrayElements(_vtx, jVtxPtr, 0); - _env->ReleaseLongArrayElements(_idx, jIdxPtr, 0); - _env->ReleaseIntArrayElements(_prim, primPtr, 0); + +cleanupMesh: + if (jVtxPtr != nullptr) { + _env->ReleaseLongArrayElements(_vtx, jVtxPtr, 0); + } + if (jIdxPtr != nullptr) { + _env->ReleaseLongArrayElements(_idx, jIdxPtr, 0); + } + if (primPtr != nullptr) { + _env->ReleaseIntArrayElements(_prim, primPtr, 0); + } + return id; } -- cgit v1.2.3