OSDN Git Service

Fix SF security vulnerability: 32706020
author Fabien Sanglard <sanglardf@google.com>
Tue, 8 Nov 2016 23:35:02 +0000 (15:35 -0800)
committer Fabien Sanglard <sanglardf@google.com>
Wed, 9 Nov 2016 17:25:44 +0000 (17:25 +0000)
Because of the lack of a mutex lock when getting mConsumerName, if one thread
calls getConsumerName while another thread calls setConsumerName frequently,
a UAF will be triggered.

Change-Id: Id1bbf0d15de6d16def2f54ecade385058cda3b65
Test: Marling with poc provided in bug report.
Bug: 32706020

libs/gui/BufferQueueProducer.cpp

index 87e5b4d..c6851c8 100644 (file)
@@ -1091,6 +1091,7 @@ status_t BufferQueueProducer::setGenerationNumber(uint32_t generationNumber) {
 
 String8 BufferQueueProducer::getConsumerName() const {
     ATRACE_CALL();
+    Mutex::Autolock lock(mCore->mMutex);
     BQ_LOGV("getConsumerName: %s", mConsumerName.string());
     return mConsumerName;
 }
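
Review bot: The new `Mutex::Autolock lock(mCore->mMutex);` in getConsumerName() only closes the race if the writer holds the same mutex. The commit message names setConsumerName as the racing writer, but that path is not part of this hunk, so please confirm that it, and any other code that reads or assigns mConsumerName, runs under mCore->mMutex. It would also help to document the invariant next to the member declaration (for example, a comment stating that mConsumerName is guarded by mCore->mMutex) so later accessors do not reintroduce the unlocked read. Note that the fix depends on the function returning String8 by value: the copy in `return mConsumerName;` is made while the lock is still held, which would no longer be true if the return type were ever changed to a reference.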