diff options
| author | Mike Lockwood <lockwood@google.com> | 2014-05-20 11:33:35 -0700 |
|---|---|---|
| committer | Mike Lockwood <lockwood@google.com> | 2014-05-20 11:33:35 -0700 |
| commit | b2a4658a630a99b0e0ff44bc54aa5b02557a571b (patch) | |
| tree | 214c1ae59ba7669102a3c1f5f7d5164ffadea003 /core/jni | |
| parent | fa2b3fc6cd15a3b6bbfef87288b97354edb42307 (diff) | |
| download | frameworks_base-b2a4658a630a99b0e0ff44bc54aa5b02557a571b.zip frameworks_base-b2a4658a630a99b0e0ff44bc54aa5b02557a571b.tar.gz frameworks_base-b2a4658a630a99b0e0ff44bc54aa5b02557a571b.tar.bz2 | |
USB: Fix race condition in acquiring global reference in UsbRequest JNI code
Fixes bug https://code.google.com/p/android/issues/detail?id=59467
Change-Id: I8365e1be4eb0f1f2da49b658af677b590a80e382
Diffstat (limited to 'core/jni')
| -rw-r--r-- | core/jni/android_hardware_UsbRequest.cpp | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/core/jni/android_hardware_UsbRequest.cpp b/core/jni/android_hardware_UsbRequest.cpp index 01eaec4..a3c7b0a 100644 --- a/core/jni/android_hardware_UsbRequest.cpp +++ b/core/jni/android_hardware_UsbRequest.cpp @@ -100,18 +100,19 @@ android_hardware_UsbRequest_queue_array(JNIEnv *env, jobject thiz, } request->buffer_length = length; + // save a reference to ourselves so UsbDeviceConnection.waitRequest() can find us + request->client_data = (void *)env->NewGlobalRef(thiz); + if (usb_request_queue(request)) { if (request->buffer) { // free our buffer if usb_request_queue fails free(request->buffer); request->buffer = NULL; } + env->DeleteGlobalRef((jobject)request->client_data); return false; - } else { - // save a reference to ourselves so UsbDeviceConnection.waitRequest() can find us - request->client_data = (void *)env->NewGlobalRef(thiz); - return true; } + return true; } static jint @@ -152,16 +153,17 @@ android_hardware_UsbRequest_queue_direct(JNIEnv *env, jobject thiz, } request->buffer_length = length; + // save a reference to ourselves so UsbDeviceConnection.waitRequest() can find us + // we also need this to make sure our native buffer is not deallocated + // while IO is active + request->client_data = (void *)env->NewGlobalRef(thiz); + if (usb_request_queue(request)) { request->buffer = NULL; + env->DeleteGlobalRef((jobject)request->client_data); return false; - } else { - // save a reference to ourselves so UsbDeviceConnection.waitRequest() can find us - // we also need this to make sure our native buffer is not deallocated - // while IO is active - request->client_data = (void *)env->NewGlobalRef(thiz); - return true; } + return true; } static jint |