1*795d594fSAndroid Build Coastguard Worker /* 2*795d594fSAndroid Build Coastguard Worker * Copyright (C) 2017 The Android Open Source Project 3*795d594fSAndroid Build Coastguard Worker * 4*795d594fSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License"); 5*795d594fSAndroid Build Coastguard Worker * you may not use this file except in compliance with the License. 6*795d594fSAndroid Build Coastguard Worker * You may obtain a copy of the License at 7*795d594fSAndroid Build Coastguard Worker * 8*795d594fSAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0 9*795d594fSAndroid Build Coastguard Worker * 10*795d594fSAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software 11*795d594fSAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS, 12*795d594fSAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13*795d594fSAndroid Build Coastguard Worker * See the License for the specific language governing permissions and 14*795d594fSAndroid Build Coastguard Worker * limitations under the License. 15*795d594fSAndroid Build Coastguard Worker */ 16*795d594fSAndroid Build Coastguard Worker 17*795d594fSAndroid Build Coastguard Worker import java.lang.reflect.*; 18*795d594fSAndroid Build Coastguard Worker 19*795d594fSAndroid Build Coastguard Worker public class Main { 20*795d594fSAndroid Build Coastguard Worker public static final String TEST_NAME = "998-redefine-use-after-free"; 21*795d594fSAndroid Build Coastguard Worker public static final int REPS = 1000; 22*795d594fSAndroid Build Coastguard Worker public static final int STEP = 100; 23*795d594fSAndroid Build Coastguard Worker main(String[] args)24*795d594fSAndroid Build Coastguard Worker public static void main(String[] args) throws Exception { 25*795d594fSAndroid Build Coastguard Worker for (int i = 0; i < REPS; i += STEP) { 26*795d594fSAndroid Build Coastguard Worker runSeveralTimes(STEP); 27*795d594fSAndroid Build Coastguard Worker } 28*795d594fSAndroid Build Coastguard Worker } 29*795d594fSAndroid Build Coastguard Worker getClassLoaderFor(String location)30*795d594fSAndroid Build Coastguard Worker public static ClassLoader getClassLoaderFor(String location) throws Exception { 31*795d594fSAndroid Build Coastguard Worker try { 32*795d594fSAndroid Build Coastguard Worker Class<?> class_loader_class = Class.forName("dalvik.system.PathClassLoader"); 33*795d594fSAndroid Build Coastguard Worker Constructor<?> ctor = 34*795d594fSAndroid Build Coastguard Worker class_loader_class.getConstructor(String.class, ClassLoader.class); 35*795d594fSAndroid Build Coastguard Worker return (ClassLoader) ctor.newInstance( 36*795d594fSAndroid Build Coastguard Worker location + "/" + TEST_NAME + "-ex.jar", Main.class.getClassLoader()); 37*795d594fSAndroid Build Coastguard Worker } catch (ClassNotFoundException e) { 38*795d594fSAndroid Build Coastguard Worker // Running on RI. Use URLClassLoader. 39*795d594fSAndroid Build Coastguard Worker return new java.net.URLClassLoader( 40*795d594fSAndroid Build Coastguard Worker new java.net.URL[] { new java.net.URL("file://" + location + "/classes-ex/") }); 41*795d594fSAndroid Build Coastguard Worker } 42*795d594fSAndroid Build Coastguard Worker } 43*795d594fSAndroid Build Coastguard Worker 44*795d594fSAndroid Build Coastguard Worker // Run the redefinition several times on a single class-loader to try to trigger the 45*795d594fSAndroid Build Coastguard Worker // Use-after-free bug b/62237378 runSeveralTimes(int times)46*795d594fSAndroid Build Coastguard Worker public static void runSeveralTimes(int times) throws Exception { 47*795d594fSAndroid Build Coastguard Worker ClassLoader c = getClassLoaderFor(System.getenv("DEX_LOCATION")); 48*795d594fSAndroid Build Coastguard Worker 49*795d594fSAndroid Build Coastguard Worker Class<?> klass = (Class<?>) c.loadClass("DexCacheSmash"); 50*795d594fSAndroid Build Coastguard Worker Method m = klass.getDeclaredMethod("run"); 51*795d594fSAndroid Build Coastguard Worker for (int i = 0; i < times; i++) { 52*795d594fSAndroid Build Coastguard Worker m.invoke(null); 53*795d594fSAndroid Build Coastguard Worker } 54*795d594fSAndroid Build Coastguard Worker } 55*795d594fSAndroid Build Coastguard Worker } 56