From 0c681cdab47f5e72195f2aefe418117260e5c6e2 Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Thu, 3 Mar 2022 21:34:53 -0800
Subject: [PATCH] Check null before dereferencing fds_to_ignore

---
 native/jni/zygisk/hook.cpp | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/native/jni/zygisk/hook.cpp b/native/jni/zygisk/hook.cpp
index 476342422..47763fc66 100644
--- a/native/jni/zygisk/hook.cpp
+++ b/native/jni/zygisk/hook.cpp
@@ -394,15 +394,17 @@ void HookContext::run_modules_pre(const vector &fds) {
     // Add all ignored fd onto whitelist
     if (state[APP_SPECIALIZE] && args->fds_to_ignore) {
-        int len = env->GetArrayLength(*args->fds_to_ignore);
-        int *arr = env->GetIntArrayElements(*args->fds_to_ignore, nullptr);
-        for (int i = 0; i < len; ++i) {
-            int fd = arr[i];
-            if (fd >= 0 && fd < 1024) {
-                open_fds[fd] = true;
+        if (jintArray fdsToIgnore = *args->fds_to_ignore) {
+            int len = env->GetArrayLength(fdsToIgnore);
+            int *arr = env->GetIntArrayElements(fdsToIgnore, nullptr);
+            for (int i = 0; i < len; ++i) {
+                int fd = arr[i];
+                if (fd >= 0 && fd < 1024) {
+                    open_fds[fd] = true;
+                }
             }
+            env->ReleaseIntArrayElements(fdsToIgnore, arr, JNI_ABORT);
         }
-        env->ReleaseIntArrayElements(*args->fds_to_ignore, arr, 0);
     }
 
     // Close all unrecorded fds