commit 2debd8032a9e44910bb7e39ca5d142a4fc237c05
author Hiroshi Yamauchi <yamauchi@google.com> Wed May 20 15:51:29 2015 -0700
committer Hiroshi Yamauchi <yamauchi@google.com> Wed May 20 17:04:22 2015 -0700
tree 31ce60c28169f3de7d1b52b00ae673acb7d742ff
parent 22efeba85d4056143e34ed9a212a48a206d2f5b8

Fix a cts crash around proxy class fields.

org.apache.harmony.tests.java.io.SerializationStressTest4#test_writeObject_Proxy

As the static fields of proxy classes share the dex file indices, they
shouldn't be resolved in the dex cache or else Field::GetArtField()
may return a wrong art field that belong to a different proxy class.

(cherry pick commit a56ce5e267c9744ed99e40ae5cd9b527971e1d63)

Bug: 20557050

Change-Id: If672c0e67bc49e672e34d75ffbe29c65f5a423b9

runtime/mirror/field-inl.h

diff --git a/runtime/mirror/field-inl.h b/runtime/mirror/field-inl.h
index 9820db7..388921b 100644
--- a/runtime/mirror/field-inl.h
+++ b/runtime/mirror/field-inl.h
@@ -30,10 +30,11 @@
 template <bool kTransactionActive>
 inline mirror::Field* Field::CreateFromArtField(Thread* self, ArtField* field,
                                                 bool force_resolve) {
+  StackHandleScope<2> hs(self);
   // Try to resolve type before allocating since this is a thread suspension point.
-  mirror::Class* type = field->GetType<true>();
+  Handle<mirror::Class> type = hs.NewHandle(field->GetType<true>());
 
-  if (type == nullptr) {
+  if (type.Get() == nullptr) {
     if (force_resolve) {
       if (kIsDebugBuild) {
         self->AssertPendingException();
@@ -48,7 +49,6 @@
       self->ClearException();
     }
   }
-  StackHandleScope<1> hs(self);
   auto ret = hs.NewHandle(static_cast<Field*>(StaticClass()->AllocObject(self)));
   if (ret.Get() == nullptr) {
     if (kIsDebugBuild) {
@@ -58,14 +58,22 @@
   }
   auto dex_field_index = field->GetDexFieldIndex();
   auto* resolved_field = field->GetDexCache()->GetResolvedField(dex_field_index, sizeof(void*));
-  if (resolved_field != nullptr) {
-    DCHECK_EQ(resolved_field, field);
+  if (field->GetDeclaringClass()->IsProxyClass()) {
+    DCHECK(field->IsStatic());
+    DCHECK_LT(dex_field_index, 2U);
+    // The two static fields (interfaces, throws) of all proxy classes
+    // share the same dex file indices 0 and 1. So, we can't resolve
+    // them in the dex cache.
   } else {
-    // We rely on the field being resolved so that we can back to the ArtField
-    // (i.e. FromReflectedMethod).
-    field->GetDexCache()->SetResolvedField(dex_field_index, field, sizeof(void*));
+    if (resolved_field != nullptr) {
+      DCHECK_EQ(resolved_field, field);
+    } else {
+      // We rely on the field being resolved so that we can back to the ArtField
+      // (i.e. FromReflectedMethod).
+      field->GetDexCache()->SetResolvedField(dex_field_index, field, sizeof(void*));
+    }
   }
-  ret->SetType<kTransactionActive>(type);
+  ret->SetType<kTransactionActive>(type.Get());
   ret->SetDeclaringClass<kTransactionActive>(field->GetDeclaringClass());
   ret->SetAccessFlags<kTransactionActive>(field->GetAccessFlags());
   ret->SetDexFieldIndex<kTransactionActive>(dex_field_index);