In the OJI sources, a call is made to proxyEnv->Get<PrimitiveType>ArrayElements(...)
(modules/oji/src/ProxyJNI.cpp in the Mozilla tree):
#define IMPLEMENT_GET_ARRAY_ELEMENTS(methodName, type)                                 \
static type* JNICALL methodName(JNIEnv *env, type##Array array, jboolean *isCopy)       \
{                                                                                       \
    type* outElements = NULL;          /* <- note that here it's set to NULL */         \
    nsISecureEnv* secureEnv = GetSecureEnv(env);                                        \
    nsresult result;                                                                    \
    result = secureEnv->GetArrayElements(type##_type, array, isCopy, &outElements);     \
                                       /* <- see the code below: outElements never      \
                                             changes */                                 \
    return outElements;                /* <- here we always return NULL to the user */  \
}
IMPLEMENT_GET_ARRAY_ELEMENTS(GetBooleanArrayElements, jboolean)
IMPLEMENT_GET_ARRAY_ELEMENTS(GetByteArrayElements, jbyte)
....
The implementation of secureEnv->GetArrayElements(...) is the following
(src/motif/navug5/CSecureJNIEnv.cpp in the OJI Plugin tree):
NS_IMETHODIMP CSecureJNIEnv::GetArrayElements(/*[in]*/  jni_type element_type,
                                              /*[in]*/  jarray array,
                                              /*[in]*/  jboolean *isCopy,
                                              /*[out]*/ void* result)
    /* <- &outElements comes here as void*; it would be better to make it void**,
          but it doesn't really matter */
{
    fprintf(stderr, "CSecureJNI::GetArrayElements is called !\n");
    if (m_env == NULL || result == NULL)
        return NS_ERROR_NULL_POINTER;
    fprintf(stderr, "CSecureJNI::GetArrayElements: switch by type ...\n");
    switch (element_type)
    {
        case jboolean_type: {
            result = (void*) m_env->GetBooleanArrayElements((jbooleanArray)array, isCopy);
            /* <- but this line only assigns the local "result" parameter and does not
                  affect outElements in any way */
            break;
        }
        ...
    }
The simplest way to fix this bug is to make the following change in the code:

    *(void**)result = (void*) m_env->GetBooleanArrayElements((jbooleanArray)array, isCopy);

I tried it out; it works OK.
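The following is an added, self-contained example (not Mozilla or OJI code) that reproduces the bug above with a hypothetical stand-in for the JNI environment (FakeJNIEnv) and simplified nsresult values. It shows the same three shapes side by side: the buggy callee that assigns its own `void* result` parameter, the fixed callee that writes through `*(void**)result`, and the `void**` signature the report mentions, under which the buggy assignment no longer compiles in C++. The caller mirrors the IMPLEMENT_GET_ARRAY_ELEMENTS macro: it starts with `outElements = NULL` and returns whatever the callee left there.

```cpp
// Added example, not code from the Mozilla/OJI tree. FakeJNIEnv, the
// GetArrayElements_* functions and the nsresult values are stand-ins.
#include <cstdio>
#include <cstddef>

typedef unsigned char jboolean;
typedef int nsresult;
enum { NS_OK = 0, NS_ERROR_NULL_POINTER = -1 };   // simplified stand-ins

// Hypothetical stand-in for the real JNIEnv: hands out a pointer to a
// fixed buffer, the way GetBooleanArrayElements hands out array storage.
struct FakeJNIEnv {
    jboolean elements[4] = {1, 0, 1, 1};
    jboolean *GetBooleanArrayElements(void *array, jboolean *isCopy) {
        (void)array;
        if (isCopy) *isCopy = 0;
        return elements;
    }
};

// Buggy shape from CSecureJNIEnv::GetArrayElements: `result` is the callee's
// private copy of the caller's pointer value, so assigning to it is a dead
// store and the caller's variable keeps its initial NULL.
nsresult GetArrayElements_buggy(FakeJNIEnv *env, void *array, jboolean *isCopy, void *result) {
    if (env == NULL || result == NULL)
        return NS_ERROR_NULL_POINTER;
    result = (void *)env->GetBooleanArrayElements(array, isCopy);   // no effect outside
    return NS_OK;
}

// Fixed shape (the one-line fix from the report): treat `result` as the
// address of the caller's pointer and write through it.
nsresult GetArrayElements_fixed(FakeJNIEnv *env, void *array, jboolean *isCopy, void *result) {
    if (env == NULL || result == NULL)
        return NS_ERROR_NULL_POINTER;
    *(void **)result = (void *)env->GetBooleanArrayElements(array, isCopy);
    return NS_OK;
}

// Typed alternative (void** instead of void*): with this signature the buggy
// `result = (void*)...` is a type error in C++, so the slip is caught at
// build time rather than surfacing as a NULL at run time.
nsresult GetArrayElements_typed(FakeJNIEnv *env, void *array, jboolean *isCopy, void **result) {
    if (env == NULL || result == NULL)
        return NS_ERROR_NULL_POINTER;
    *result = (void *)env->GetBooleanArrayElements(array, isCopy);
    return NS_OK;
}

// Caller in the shape of the IMPLEMENT_GET_ARRAY_ELEMENTS macro body.
typedef nsresult (*GetArrayElementsFn)(FakeJNIEnv *, void *, jboolean *, void *);

jboolean *callerGetBooleanArrayElements(FakeJNIEnv *env, GetArrayElementsFn impl) {
    jboolean *outElements = NULL;                 // same initialisation as the macro
    jboolean isCopy = 0;
    nsresult rv = impl(env, NULL /* array */, &isCopy, &outElements);
    (void)rv;
    return outElements;   // NULL with the buggy callee, the buffer with the fixed one
}

// Checks with no printing, so the outcome can be asserted on.
bool buggyReturnsNull() {
    FakeJNIEnv env;
    return callerGetBooleanArrayElements(&env, GetArrayElements_buggy) == NULL;
}
bool fixedReturnsBuffer() {
    FakeJNIEnv env;
    jboolean *p = callerGetBooleanArrayElements(&env, GetArrayElements_fixed);
    return p == env.elements && p[0] == 1 && p[1] == 0;
}
bool typedReturnsBuffer() {
    FakeJNIEnv env;
    void *out = NULL;
    return GetArrayElements_typed(&env, NULL, NULL, &out) == NS_OK && out == env.elements;
}

int main() {
    printf("buggy callee returns NULL:   %s\n", buggyReturnsNull() ? "yes" : "no");
    printf("fixed callee returns buffer: %s\n", fixedReturnsBuffer() ? "yes" : "no");
    printf("void** callee returns buffer: %s\n", typedReturnsBuffer() ? "yes" : "no");
    return 0;
}
```

The NULL checks on `result` in all three variants are the report's own guard; note that they pass in the buggy version too, since the caller really did pass a non-NULL address, which is why the bug only shows up as an always-NULL return rather than an error code.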