Fix dangling pointer bug when transitioning to background.
Dangling pointer left behind from the old rosalloc / dlmalloc
spaces. We now avoid using this pointer by using main_space_
and non_moving_space_ instead, and we clear the pointer when we
remove the space.
Bug: 16567203
Change-Id: Ida9ff30783e89cd4a4d86a4d0e912701692101f1
diff --git a/runtime/gc/heap.cc b/runtime/gc/heap.cc
index d6cf52f..33ff3bb 100644
--- a/runtime/gc/heap.cc
+++ b/runtime/gc/heap.cc
@@ -669,18 +669,11 @@
}
void Heap::MarkAllocStackAsLive(accounting::ObjectStack* stack) {
- space::ContinuousSpace* space1 = rosalloc_space_ != nullptr ? rosalloc_space_ : non_moving_space_;
- space::ContinuousSpace* space2 = dlmalloc_space_ != nullptr ? dlmalloc_space_ : non_moving_space_;
- // This is just logic to handle a case of either not having a rosalloc or dlmalloc space.
+ space::ContinuousSpace* space1 = main_space_ != nullptr ? main_space_ : non_moving_space_;
+ space::ContinuousSpace* space2 = non_moving_space_;
// TODO: Generalize this to n bitmaps?
- if (space1 == nullptr) {
- DCHECK(space2 != nullptr);
- space1 = space2;
- }
- if (space2 == nullptr) {
- DCHECK(space1 != nullptr);
- space2 = space1;
- }
+ CHECK(space1 != nullptr);
+ CHECK(space2 != nullptr);
MarkAllocStack(space1->GetLiveBitmap(), space2->GetLiveBitmap(),
large_object_space_->GetLiveBitmap(), stack);
}
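Review bot: The new `space1`/`space2` selection removes the comment that explained the fallback and the two `CHECK`s do not say which invariant they guard, so a reader cannot tell whether passing `non_moving_space_`'s bitmap twice when `main_space_` is null is intended (the old code paired the spaces the same way when only one existed, so behavior is unchanged). Suggest a comment above `space1`: `// non_moving_space_ always exists; main_space_ may be absent (e.g. once it has been removed on a background transition), in which case both bitmaps come from the non-moving space.` Note that `CHECK` replaces the old `DCHECK`, so these now abort in release builds on the alloc-stack marking path, which is a reasonable defensive choice for this fix but worth stating. Whether `main_space_` is actually reset to null after `RemoveSpace()` is not visible here and should be confirmed, since that null test is the only thing keeping this function from reading a removed space's bitmap.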
@@ -1605,6 +1598,12 @@
// Remove the main space so that we don't try to trim it, this doens't work for debug
// builds since RosAlloc attempts to read the magic number from a protected page.
RemoveSpace(main_space_);
+ // Unset the pointers just in case.
+ if (dlmalloc_space_ == main_space_) {
+ dlmalloc_space_ = nullptr;
+ } else if (rosalloc_space_ == main_space_) {
+ rosalloc_space_ = nullptr;
+ }
RemoveRememberedSet(main_space_);
RemoveRememberedSet(main_space_backup_.get());
main_space_backup_.reset(nullptr);
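Review bot: The added block clears `dlmalloc_space_`/`rosalloc_space_` when they alias the removed `main_space_`, but `main_space_` itself is still used two lines later by `RemoveRememberedSet(main_space_)` and is not reset within this hunk; if it is not nulled later in the function (whose body starts and ends outside the hunk), callers such as `MarkAllocStackAsLive`, which now guard only on `main_space_ != nullptr`, can still reach the removed space through it. The comment `// Unset the pointers just in case.` is vaguer than the code warrants; suggest `// main_space_ aliases either dlmalloc_space_ or rosalloc_space_; clear that alias so nothing dereferences the removed space through it.` A `DCHECK(dlmalloc_space_ != main_space_ && rosalloc_space_ != main_space_)` after the if/else would make the invariant the commit message describes visible at the point it is established.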