Use Handles in case ART objects get moved

It's rather unlikely that this happens while these methods are running, but let's be on the safe side. Also, raw pointers fail in heap poisoning and object pointer poisoning mode.
faithlove · Dec 10, 2017 · 558b34b · 558b34b
1 parent a8ab899
commit 558b34b
Showing 1 changed file with 18 additions and 17 deletions.
diff --git a/libxposed_art.cpp b/libxposed_art.cpp
@@ -113,31 +113,30 @@ jobject XposedBridge_invokeOriginalMethodNative(JNIEnv* env, jclass, jobject jav
 
 void XposedBridge_setObjectClassNative(JNIEnv* env, jclass, jobject javaObj, jclass javaClazz) {
     ScopedObjectAccess soa(env);
-    mirror::Class* clazz = soa.Decode<mirror::Class*>(javaClazz);
-    StackHandleScope<1> hs(soa.Self());
-    Handle<mirror::Class> c(hs.NewHandle(clazz));
+    StackHandleScope<3> hs(soa.Self());
+    Handle<mirror::Class> clazz(hs.NewHandle(soa.Decode<mirror::Class*>(javaClazz)));
 #if PLATFORM_SDK_VERSION >= 23
-    if (!Runtime::Current()->GetClassLinker()->EnsureInitialized(soa.Self(), c, true, true)) {
+    if (!Runtime::Current()->GetClassLinker()->EnsureInitialized(soa.Self(), clazz, true, true)) {
 #else
-    if (!Runtime::Current()->GetClassLinker()->EnsureInitialized(c, true, true)) {
+    if (!Runtime::Current()->GetClassLinker()->EnsureInitialized(clazz, true, true)) {
 #endif
-        XLOG(ERROR) << "Could not initialize class " << PrettyClass(clazz);
+        XLOG(ERROR) << "Could not initialize class " << PrettyClass(clazz.Get());
         return;
     }
-    mirror::Object* obj = soa.Decode<mirror::Object*>(javaObj);
-    mirror::Class* currentClass = obj->GetClass();
+    Handle<mirror::Object> obj(hs.NewHandle(soa.Decode<mirror::Object*>(javaObj)));
+    Handle<mirror::Class> currentClass(hs.NewHandle(obj->GetClass()));
     if (clazz->GetObjectSize() != currentClass->GetObjectSize()) {
         std::string msg = StringPrintf("Different object sizes: %s (%d) vs. %s (%d)",
-                PrettyClass(clazz).c_str(), clazz->GetObjectSize(),
-                PrettyClass(currentClass).c_str(), currentClass->GetObjectSize());
+                PrettyClass(clazz.Get()).c_str(), clazz->GetObjectSize(),
+                PrettyClass(currentClass.Get()).c_str(), currentClass->GetObjectSize());
 #if PLATFORM_SDK_VERSION >= 23
         ThrowIllegalArgumentException(msg.c_str());
 #else
         ThrowIllegalArgumentException(nullptr, msg.c_str());
 #endif
         return;
     }
-    obj->SetClass(clazz);
+    obj->SetClass(clazz.Get());
 }
 
 void XposedBridge_dumpObjectNative(JNIEnv*, jclass, jobject) {
@@ -147,16 +146,18 @@ void XposedBridge_dumpObjectNative(JNIEnv*, jclass, jobject) {
 
 jobject XposedBridge_cloneToSubclassNative(JNIEnv* env, jclass, jobject javaObject, jclass javaClazz) {
     ScopedObjectAccess soa(env);
-    mirror::Object* obj = soa.Decode<mirror::Object*>(javaObject);
-    mirror::Class* clazz = soa.Decode<mirror::Class*>(javaClazz);
-    mirror::Object* dest = obj->Clone(soa.Self(), clazz->GetObjectSize());
-    dest->SetClass(clazz);
-    return soa.AddLocalReference<jobject>(dest);
+    StackHandleScope<3> hs(soa.Self());
+    Handle<mirror::Object> obj(hs.NewHandle(soa.Decode<mirror::Object*>(javaObject)));
+    Handle<mirror::Class> clazz(hs.NewHandle(soa.Decode<mirror::Class*>(javaClazz)));
+    Handle<mirror::Object> dest(hs.NewHandle(obj->Clone(soa.Self(), clazz->GetObjectSize())));
+    dest->SetClass(clazz.Get());
+    return soa.AddLocalReference<jobject>(dest.Get());
 }
 
 void XposedBridge_removeFinalFlagNative(JNIEnv* env, jclass, jclass javaClazz) {
     ScopedObjectAccess soa(env);
-    mirror::Class* clazz = soa.Decode<mirror::Class*>(javaClazz);
+    StackHandleScope<1> hs(soa.Self());
+    Handle<mirror::Class> clazz(hs.NewHandle(soa.Decode<mirror::Class*>(javaClazz)));
     uint32_t flags = clazz->GetAccessFlags();
     if ((flags & kAccFinal) != 0) {
         clazz->SetAccessFlags(flags & ~kAccFinal);