Skip to content

Commit

Permalink
Fix SF security vulnerability: 32660278
Browse files Browse the repository at this point in the history 
Because of lack of mutex lock when get mSidebandStream, if one thread
getSidebandStream, another thread setSidebandStream frequently, an UAF
will be triggered.

Bug: 32660278
Test: Marlin device with poc
Change-Id: Idbcf0976ce2db682d0f13455105c45a5c7481a45
  • Loading branch information
Fabien Sanglard committed Nov 9, 2016
1 parent e6bbe69 commit 2d8a243
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions libs/gui/BufferQueueConsumer.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -517,6 +517,7 @@ status_t BufferQueueConsumer::setTransformHint(uint32_t hint) {
}

sp<NativeHandle> BufferQueueConsumer::getSidebandStream() const {
Mutex::Autolock lock(mCore->mMutex);
return mCore->mSidebandStream;
}

Expand Down

0 comments on commit 2d8a243

Please sign in to comment.