(I think I goofed up again. Bugtraq Query showed me a different description.)
(This bug still holds. Sorry about the confusion.)
When calling
proxyEnv->Release<PrimitiveType>ArrayElements(JNIEnv *env, ArrayType array, NativeType *elems, jint mode)
method with mode = 0 or mode = JNI_COMMIT
elems buffer isn't copied back into array correctly.
It happens due to the following bug in
src/motif/jvm_natives/server.c file:
#define DEFINE_RELEASESCALARARRAYELEMENTS(type, Result, tag) \
case tag: { \
    jarray arr = (jarray) get_bits32(pipe); \
    int mode = (int) get_bits32(pipe); \
    int size = (int) get_bits32(pipe); \
    type *arrEl = (*env)->Get##Result##ArrayElements(env, arr, 0); \
    get_bytes(pipe, arrEl, size); \
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ <- here size is the number of elements in the array,
       so we have to multiply it by sizeof(type) to get the entire
       native array
    get_bytes(pipe, arrEl, size*sizeof(type)); \
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ <- this is the correct variant
    (*env)->Release##Result##ArrayElements(env, arr, arrEl, 0); \
    break; \
}
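The element-count versus byte-count mix-up described above, as an added example that is not part of the original report or the plugin source. It uses a constructed in-memory pipe; mock_pipe, mock_get_bytes, release_buggy and release_fixed are hypothetical names, and the bounds and overflow checks in release_fixed are additions of this example, on the assumption that the count read from the pipe should not be trusted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the plugin's pipe: a byte buffer with a read cursor. */
struct mock_pipe { const unsigned char *data; size_t len, pos; };

/* Hypothetical analogue of get_bytes(): 0 on success, -1 if the pipe is short. */
static int mock_get_bytes(struct mock_pipe *p, void *dst, size_t nbytes) {
    if (nbytes > p->len - p->pos) return -1;
    memcpy(dst, p->data + p->pos, nbytes);
    p->pos += nbytes;
    return 0;
}

/* Behaviour described in the report: the element count is used as a byte count. */
int release_buggy(struct mock_pipe *p, void *arr, size_t count, size_t elem_size) {
    (void)elem_size;
    return mock_get_bytes(p, arr, count);
}

/* Corrected read of count * elem_size bytes. The count is also checked against
 * the destination length and the multiplication against overflow; both checks
 * are additions of this example, not part of the report's fix. */
int release_fixed(struct mock_pipe *p, void *arr, size_t arr_len,
                  size_t count, size_t elem_size) {
    if (elem_size == 0 || count > arr_len) return -1;
    if (count > SIZE_MAX / elem_size) return -1;
    return mock_get_bytes(p, arr, count * elem_size);
}

/* Sends four constructed 32-bit values into a zeroed array and returns how
 * many destination elements match the source afterwards. */
int elements_updated(int use_fixed) {
    const int32_t src[4] = { 0x11111111, 0x22222222, 0x33333333, 0x44444444 };
    int32_t dst[4] = { 0, 0, 0, 0 };
    struct mock_pipe p = { (const unsigned char *)src, sizeof src, 0 };
    int rc = use_fixed ? release_fixed(&p, dst, 4, 4, sizeof dst[0])
                       : release_buggy(&p, dst, 4, sizeof dst[0]);
    int n = 0;
    for (int i = 0; rc == 0 && i < 4; i++) n += (dst[i] == src[i]);
    return n;
}

int main(void) {
    printf("buggy: %d of 4, fixed: %d of 4\n", elements_updated(0), elements_updated(1));
    return 0;
}
```

With the buggy variant only the first sizeof(type)-th of the array is refreshed, so for any element type wider than one byte the tail keeps its old contents.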