commit 4a2c8fc0fc47631550bc5ff8edd8221a3aea1b23
author Alex Light <allight@google.com> Fri Feb 12 11:01:54 2016 -0800
committer Alex Light <allight@google.com> Fri Feb 12 15:17:08 2016 -0800
tree 3c3e2e8e8ab38510ef8a7440bf893f8684bce9e4
parent b9adbf63f880f246d83b3af4ca03aca07711f857

Fix bug with verification of constructors

We would incorrectly allow the storing of values into superclass
fields before the superclass constructor was called.

Bug: 26965384

Change-Id: I45b824fbdbfc133663ed6d3306853595b5dc9262

runtime/verifier/method_verifier.cc

diff --git a/runtime/verifier/method_verifier.cc b/runtime/verifier/method_verifier.cc
index 8d5e6ea..1d31408 100644
--- a/runtime/verifier/method_verifier.cc
+++ b/runtime/verifier/method_verifier.cc
@@ -4526,6 +4526,19 @@
     if (UNLIKELY(have_pending_hard_failure_)) {
       return;
     }
+    if (should_adjust) {
+      if (field == nullptr) {
+        Fail(VERIFY_ERROR_BAD_CLASS_SOFT) << "Might be accessing a superclass instance field prior "
+                                          << "to the superclass being initialized in "
+                                          << PrettyMethod(dex_method_idx_, *dex_file_);
+      } else if (field->GetDeclaringClass() != GetDeclaringClass().GetClass()) {
+        Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "cannot access superclass instance field "
+                                          << PrettyField(field) << " of a not fully initialized "
+                                          << "object within the context of "
+                                          << PrettyMethod(dex_method_idx_, *dex_file_);
+        return;
+      }
+    }
   }
   const RegType* field_type = nullptr;
   if (field != nullptr) {