musikr: fix use-after-free in jni

Alexander Capehart 2025-02-21 09:30:37 -07:00
parent a1d62c2a08
commit e442fcf253
No known key found for this signature in database
GPG key ID: 37DBE3621FE9AD47
2 changed files with 9 additions and 8 deletions


@ -31,7 +31,7 @@ JInputStream::JInputStream(JNIEnv *env, jobject jInputStream) : env(env), jInput
if (!env->IsInstanceOf(jInputStream, *jInputStreamClass)) { if (!env->IsInstanceOf(jInputStream, *jInputStreamClass)) {
throw std::runtime_error("Object is not NativeInputStream"); throw std::runtime_error("Object is not NativeInputStream");
} }
jInputStreamNameMethod = jInputStreamClass.method("name", jmethodID jInputStreamNameMethod = jInputStreamClass.method("name",
"()Ljava/lang/String;"); "()Ljava/lang/String;");
jInputStreamReadBlockMethod = jInputStreamClass.method("readBlock", jInputStreamReadBlockMethod = jInputStreamClass.method("readBlock",
"(Ljava/nio/ByteBuffer;)Z"); "(Ljava/nio/ByteBuffer;)Z");
@ -44,6 +44,9 @@ JInputStream::JInputStream(JNIEnv *env, jobject jInputStream) : env(env), jInput
"(J)Z"); "(J)Z");
jInputStreamTellMethod = jInputStreamClass.method("tell", "()J"); jInputStreamTellMethod = jInputStreamClass.method("tell", "()J");
jInputStreamLengthMethod = jInputStreamClass.method("length", "()J"); jInputStreamLengthMethod = jInputStreamClass.method("length", "()J");
JStringRef jName = { env, reinterpret_cast<jstring>(env->CallObjectMethod(
jInputStream, jInputStreamNameMethod)) };
_name = TagLib::String(env->GetStringUTFChars(*jName, nullptr));
} }
JInputStream::~JInputStream() { JInputStream::~JInputStream() {
@ -51,11 +54,8 @@ JInputStream::~JInputStream() {
// so we don't need to delete any references here // so we don't need to delete any references here
} }
TagLib::FileName JInputStream::name() const { TagLib::FileName /* const char * */ JInputStream::name() const {
// Not actually used except in FileRef, can safely ignore. return _name.toCString(true);
JStringRef jName { env, reinterpret_cast<jstring>(env->CallObjectMethod(
jInputStream, jInputStreamNameMethod)) };
return jName.copy().toCString();
} }
TagLib::ByteVector JInputStream::readBlock(size_t length) { TagLib::ByteVector JInputStream::readBlock(size_t length) {
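Review bot: The buffer returned by `env->GetStringUTFChars(*jName, nullptr)` in the added constructor lines is never handed back with `ReleaseStringUTFChars`, and neither the `CallObjectMethod` result nor that pointer is checked before `TagLib::String` reads it. If the Java-side `name()` returns null or throws, the `TagLib::String(const char *)` constructor is reached with a null or invalid pointer. That constructor also treats its input as Latin-1 unless a type is passed, so `toCString(true)` would return wrongly encoded bytes for non-ASCII names. The removed code used `jName.copy()`; if that helper returns a `TagLib::String` and releases the chars itself, `_name = jName.copy();` behind an `env->ExceptionCheck()` and null guard would cover all three. The constructor body begins above this hunk, so any earlier guard is not visible here.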


@ -23,6 +23,7 @@
#include "JObjectRef.h" #include "JObjectRef.h"
#include "taglib/tiostream.h" #include "taglib/tiostream.h"
#include "taglib/tstring.h"
class JInputStream: public TagLib::IOStream { class JInputStream: public TagLib::IOStream {
public: public:
@ -36,7 +37,7 @@ public:
/*! /*!
* Returns the stream name in the local file system encoding. * Returns the stream name in the local file system encoding.
*/ */
TagLib::FileName name() const override; TagLib::FileName /* const char * */ name() const override;
/*! /*!
* Reads a block of size \a length at the current get pointer. * Reads a block of size \a length at the current get pointer.
@ -115,7 +116,7 @@ public:
private: private:
JNIEnv *env; JNIEnv *env;
jobject jInputStream; jobject jInputStream;
jmethodID jInputStreamNameMethod; TagLib::String _name;
jmethodID jInputStreamReadBlockMethod; jmethodID jInputStreamReadBlockMethod;
jmethodID jInputStreamIsOpenMethod; jmethodID jInputStreamIsOpenMethod;
jmethodID jInputStreamSeekFromBeginningMethod; jmethodID jInputStreamSeekFromBeginningMethod;
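Review bot: The doc comment on `name()` should state the lifetime of the returned pointer now that it comes from the `_name` member, since the inline comment marks `TagLib::FileName` as a bare `const char *` here. Suggested addition to the comment block: `* The returned pointer is owned by this stream and is only valid while the JInputStream is alive.` A short comment on `_name`, such as `// Captured once in the constructor; not refreshed from the Java object afterwards.`, would also record that the name is read once when the stream is constructed. The class body continues outside the hunks shown.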