Details
P4 Description
The native code for java.net.SocketInputStream, SocketOutputStream, PlainDatagramSocketImpl, and PlainSocketImpl relies on a bug in the JDK's JNI. If a field ID is requested for a class, but the field is declared private in one of that class's superclasses, it is permissible for the JNI implementation to return NULL for that GetFieldID operation (personal communication from Sheng Liang). The JDK's JNI implementation happens to return non-NULL jfieldIDs in this case.
In the above classes' native code, the FieldID for a private field is being requested (for example, the "fd" FileDescriptor field in FileInputStream) but the jclass for a subclass (for example, SocketInputStream) is being passed into the JNI's GetFieldID function.
The solution is to acquire a jclass reference to the desired superclass before requesting these FieldIDs. Here is an example:
diff -c SocketInputStream_md.c /ws/jdk1.3/src/solaris/native/java/net/SocketInputStream.c
----------------------------------------------------------------------------
***************
*** 32,38 ****
static jfieldID IO_fd_fdID;
! static jfieldID fis_fdID;
static jfieldID sis_implID;
/*
--- 30,36 ----
static jfieldID IO_fd_fdID;
! static jfieldID sis_fdID;
static jfieldID sis_implID;
/*
***************
*** 43,54 ****
JNIEXPORT void JNICALL
Java_java_net_SocketInputStream_init(JNIEnv *env, jclass cls) {
! jclass fis_cls =
! (*env)->FindClass(env, "java/io/FileInputStream");
! if (fis_cls == NULL) {
! return; /* exception */
! }
! fis_fdID = (*env)->GetFieldID(env, fis_cls, "fd",
"Ljava/io/FileDescriptor;");
IO_fd_fdID = NET_GetFileDescriptorID(env);
sis_implID = (*env)->GetFieldID(env, cls, "impl",
--- 41,47 ----
JNIEXPORT void JNICALL
Java_java_net_SocketInputStream_init(JNIEnv *env, jclass cls) {
! sis_fdID = (*env)->GetFieldID(env, cls, "fd",
"Ljava/io/FileDescriptor;");
IO_fd_fdID = NET_GetFileDescriptorID(env);
sis_implID = (*env)->GetFieldID(env, cls, "impl",
***************
*** 67,79 ****
char BUF[MAX_BUFFER_LEN];
/* The fd field */
! jobject fdObj = (*env)->GetObjectField(env, this, fis_fdID);
jint fd, timeout, nread;
/* The impl field */
jobject impl = (*env)->GetObjectField(env, this, sis_implID);
! jint datalen;
if (IS_NULL(fdObj)) {
/* should't this be a NullPointerException? -br */
--- 60,72 ----
char BUF[MAX_BUFFER_LEN];
/* The fd field */
! jobject fdObj = (*env)->GetObjectField(env, this, sis_fdID);
jint fd, timeout, nread;
/* The impl field */
jobject impl = (*env)->GetObjectField(env, this, sis_implID);
! jint datalen, n;
if (IS_NULL(fdObj)) {
/* should't this be a NullPointerException? -br */
----------------------------------------------------------------------------
I can supply patches for these four files; while I have tested SocketInputStream and SocketOutputStream, regression tests would still need to be run. The native code on both Solaris and Win32 is affected.
In the above classes' native code, the FieldID for a private field is being requested (for example, the "fd" FileDescriptor field in FileInputStream) but the jclass for a subclass (for example, SocketInputStream) is being passed into the JNI's GetFieldID function.
The solution is to acquire a jclass reference to the desired superclass before requesting these FieldIDs. Here is an example:
diff -c SocketInputStream_md.c /ws/jdk1.3/src/solaris/native/java/net/SocketInputStream.c
----------------------------------------------------------------------------
***************
*** 32,38 ****
static jfieldID IO_fd_fdID;
! static jfieldID fis_fdID;
static jfieldID sis_implID;
/*
--- 30,36 ----
static jfieldID IO_fd_fdID;
! static jfieldID sis_fdID;
static jfieldID sis_implID;
/*
***************
*** 43,54 ****
JNIEXPORT void JNICALL
Java_java_net_SocketInputStream_init(JNIEnv *env, jclass cls) {
! jclass fis_cls =
! (*env)->FindClass(env, "java/io/FileInputStream");
! if (fis_cls == NULL) {
! return; /* exception */
! }
! fis_fdID = (*env)->GetFieldID(env, fis_cls, "fd",
"Ljava/io/FileDescriptor;");
IO_fd_fdID = NET_GetFileDescriptorID(env);
sis_implID = (*env)->GetFieldID(env, cls, "impl",
--- 41,47 ----
JNIEXPORT void JNICALL
Java_java_net_SocketInputStream_init(JNIEnv *env, jclass cls) {
! sis_fdID = (*env)->GetFieldID(env, cls, "fd",
"Ljava/io/FileDescriptor;");
IO_fd_fdID = NET_GetFileDescriptorID(env);
sis_implID = (*env)->GetFieldID(env, cls, "impl",
***************
*** 67,79 ****
char BUF[MAX_BUFFER_LEN];
/* The fd field */
! jobject fdObj = (*env)->GetObjectField(env, this, fis_fdID);
jint fd, timeout, nread;
/* The impl field */
jobject impl = (*env)->GetObjectField(env, this, sis_implID);
! jint datalen;
if (IS_NULL(fdObj)) {
/* should't this be a NullPointerException? -br */
--- 60,72 ----
char BUF[MAX_BUFFER_LEN];
/* The fd field */
! jobject fdObj = (*env)->GetObjectField(env, this, sis_fdID);
jint fd, timeout, nread;
/* The impl field */
jobject impl = (*env)->GetObjectField(env, this, sis_implID);
! jint datalen, n;
if (IS_NULL(fdObj)) {
/* should't this be a NullPointerException? -br */
----------------------------------------------------------------------------
I can supply patches for these four files; while I have tested SocketInputStream and SocketOutputStream, regression tests would still need to be run. The native code on both Solaris and Win32 is affected.