
Commit 47173c8

Ensure callback,method_data and thread_storage are initialized to zero
malloc does not clear the memory it allocates, so random data can be present. It was observed that cleanup routines assume, for example, that any field not holding NULL needs to be freed; that is not true if the field was not cleared on allocation. One such example was callback->arg_classes in free_callback.
1 parent d33e0f6 commit 47173c8


2 files changed

+21
-12
lines changed


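--- a/native/callback.c
+++ b/native/callback.c
@@ -133,19 +133,19 @@ create_callback(JNIEnv* env, jobject obj, jobject method,
 }
 argc = (*env)->GetArrayLength(env, arg_classes);
 
-cb = (callback *)malloc(sizeof(callback));
+cb = (callback *)calloc(1, sizeof(callback));
 cb->closure = ffi_closure_alloc(sizeof(ffi_closure), &cb->x_closure);
 cb->saved_x_closure = cb->x_closure;
 cb->object = (*env)->NewWeakGlobalRef(env, obj);
 cb->methodID = (*env)->FromReflectedMethod(env, method);
 
 cb->vm = vm;
-cb->arg_types = (ffi_type**)malloc(sizeof(ffi_type*) * argc);
-cb->java_arg_types = (ffi_type**)malloc(sizeof(ffi_type*) * (argc + 3));
-cb->arg_jtypes = (char*)malloc(sizeof(char) * argc);
-cb->conversion_flags = (int *)malloc(sizeof(int) * argc);
+cb->arg_types = (ffi_type**)calloc(argc, sizeof(ffi_type*));
+cb->java_arg_types = (ffi_type**)calloc(argc + 3, sizeof(ffi_type*));
+cb->arg_jtypes = (char*)calloc(argc, sizeof(char));
+cb->conversion_flags = (int *)calloc(argc, sizeof(int));
 cb->rflag = CVT_DEFAULT;
-cb->arg_classes = (jobject*)malloc(sizeof(jobject) * argc);
+cb->arg_classes = (jobject*)calloc(argc, sizeof(jobject));
 
 cb->direct = direct;
 cb->java_arg_types[0] = cb->java_arg_types[1] = cb->java_arg_types[2] = &ffi_type_pointer;
@@ -163,6 +163,9 @@ create_callback(JNIEnv* env, jobject obj, jobject method,
 }
 
 jtype = get_java_type(env, cls);
+if((*env)->ExceptionCheck(env)) {
+goto failure_cleanup;
+}
 if (jtype == -1) {
 snprintf(msg, sizeof(msg), "Unsupported callback argument at index %d", i);
 throw_type = EIllegalArgument;
@@ -179,7 +182,13 @@ create_callback(JNIEnv* env, jobject obj, jobject method,
 || cb->conversion_flags[i] == CVT_INTEGER_TYPE) {
 jclass ncls;
 ncls = getNativeType(env, cls);
+if((*env)->ExceptionCheck(env)) {
+goto failure_cleanup;
+}
 jtype = get_java_type(env, ncls);
+if((*env)->ExceptionCheck(env)) {
+goto failure_cleanup;
+}
 if (jtype == -1) {
 snprintf(msg, sizeof(msg), "Unsupported NativeMapped callback argument native type at argument %d", i);
 throw_type = EIllegalArgument;
@@ -560,7 +569,7 @@ static TLS_KEY_T tls_thread_data_key;
 static thread_storage* get_thread_storage(JNIEnv* env) {
 thread_storage* tls = (thread_storage *)TLS_GET(tls_thread_data_key);
 if (tls == NULL) {
-tls = (thread_storage*)malloc(sizeof(thread_storage));
+tls = (thread_storage*)calloc(1, sizeof(thread_storage));
 if (!tls) {
 throwByName(env, EOutOfMemory, "JNA: Can't allocate thread storage");
 }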
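Review bot: The result of `cb = (callback *)calloc(1, sizeof(callback));` at new line 136 is still dereferenced on the very next line (`cb->closure = ffi_closure_alloc(...)`) with no NULL check, and the per-argument arrays allocated at lines 143–148 are likewise unchecked before `cb->java_arg_types[0] = ...` writes through one of them at line 151. Switching to calloc fixes the garbage-field problem the commit describes but leaves an allocation failure as a NULL dereference rather than a reported error. The fourth hunk in this file already shows the pattern used elsewhere, `if (!tls) { throwByName(env, EOutOfMemory, "..."); }`, which could be applied here with whatever early exit create_callback's failure path uses — presumably `goto failure_cleanup`, but that label lies outside the hunk, so whether it tolerates a NULL cb cannot be confirmed from here. create_callback starts before and ends after these hunks. The same unchecked-allocation pattern appears in all three native/dispatch.c hunks (`method_data* data = calloc(...)` immediately followed by `&data->closure_cif`, the `data->arg_types`/`data->closure_arg_types` arrays written at 3524–3525, and the `cb` in Java_com_sun_jna_Native_ffi_1prep_1closure passed as `&cb->vm`).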

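--- a/native/dispatch.c
+++ b/native/dispatch.c
@@ -3497,7 +3497,7 @@ Java_com_sun_jna_Native_registerMethod(JNIEnv *env, jclass UNUSED(ncls),
 const char* sig = newCStringUTF8(env, signature);
 void *code;
 void *closure;
-method_data* data = malloc(sizeof(method_data));
+method_data* data = calloc(1, sizeof(method_data));
 ffi_cif* closure_cif = &data->closure_cif;
 int status;
 int i;
@@ -3519,12 +3519,12 @@ Java_com_sun_jna_Native_registerMethod(JNIEnv *env, jclass UNUSED(ncls),
 }
 
 data->throw_last_error = throw_last_error;
-data->arg_types = malloc(sizeof(ffi_type*) * argc);
-data->closure_arg_types = malloc(sizeof(ffi_type*) * (argc + 2));
+data->arg_types = calloc(argc, sizeof(ffi_type*));
+data->closure_arg_types = calloc(argc + 2, sizeof(ffi_type*));
 data->closure_arg_types[0] = &ffi_type_pointer;
 data->closure_arg_types[1] = &ffi_type_pointer;
 data->closure_method = NULL;
-data->flags = cvts ? malloc(sizeof(jint)*argc) : NULL;
+data->flags = cvts ? calloc(argc, sizeof(jint)) : NULL;
 data->rflag = rconversion;
 data->to_native = NULL;
 data->from_native = from_native ? (*env)->NewWeakGlobalRef(env, from_native) : NULL;
@@ -3612,7 +3612,7 @@ Java_com_sun_jna_Native_ffi_1prep_1cif(JNIEnv *env, jclass UNUSED(cls), jint abi
 JNIEXPORT jlong JNICALL
 Java_com_sun_jna_Native_ffi_1prep_1closure(JNIEnv *env, jclass UNUSED(cls), jlong cif, jobject obj)
 {
-callback* cb = (callback *)malloc(sizeof(callback));
+callback* cb = (callback *)calloc(1, sizeof(callback));
 ffi_status s;
 
 if ((*env)->GetJavaVM(env, &cb->vm) != JNI_OK) {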
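Review bot: The reason these allocations must be zero-filled — the cleanup path frees any non-NULL pointer field, as the commit message explains — is not recorded anywhere in the code, so a later "optimisation" back to `malloc` would silently reintroduce the free-of-uninitialised-pointer bug. A one-line comment at `method_data* data = calloc(1, sizeof(method_data));`, such as `/* must be zeroed: cleanup frees every non-NULL pointer field */`, and the same at the `cb` allocation in Java_com_sun_jna_Native_ffi_1prep_1closure, would put the invariant where it is relied upon; the struct definitions themselves are outside this commit and would be the other natural place. Both enclosing functions continue outside the hunks shown.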

