From 582763ae4e2910b4059dccdfd30a447e9fc974d5 Mon Sep 17 00:00:00 2001 From: Jeff Brown Date: Wed, 24 Mar 2010 18:56:57 -0700 Subject: [PATCH] Ensure Binder finalizer handles partially initialized instances. If the Binder is allocated but its constructor does not run for some reason, then Binder.init() will not be called. Since the object was allocated, it is still eligible for finalization. Eventually when the finalizer runs and calls Binder.destroy(), it will have a NULL binder holder pointer. Previously this would cause Binder.destroy() to attempt to decrement a reference count on a NULL pointer. Now we check and ignore the binder if it does not have a valid holder pointer. Bug: b/2533956 Change-Id: Ifc2729b2f2abe8bceea5a0645ae0a4c1575b7846 --- core/jni/android_util_Binder.cpp | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/core/jni/android_util_Binder.cpp b/core/jni/android_util_Binder.cpp index 627fcbf0a1dc3..5182a7700ef89 100644 --- a/core/jni/android_util_Binder.cpp +++ b/core/jni/android_util_Binder.cpp @@ -590,9 +590,19 @@ static void android_os_Binder_destroy(JNIEnv* env, jobject clazz) { JavaBBinderHolder* jbh = (JavaBBinderHolder*) env->GetIntField(clazz, gBinderOffsets.mObject); - env->SetIntField(clazz, gBinderOffsets.mObject, 0); - LOGV("Java Binder %p: removing ref on holder %p", clazz, jbh); - jbh->decStrong(clazz); + if (jbh != NULL) { + env->SetIntField(clazz, gBinderOffsets.mObject, 0); + LOGV("Java Binder %p: removing ref on holder %p", clazz, jbh); + jbh->decStrong(clazz); + } else { + // Encountering an uninitialized binder is harmless. All it means is that + // the Binder was only partially initialized when its finalizer ran and called + // destroy(). The Binder could be partially initialized for several reasons. + // For example, a Binder subclass constructor might have thrown an exception before + // it could delegate to its superclass's constructor. Consequently init() would + // not have been called and the holder pointer would remain NULL. + LOGV("Java Binder %p: ignoring uninitialized binder", clazz); + } } // ----------------------------------------------------------------------------