Fix SF security vulnerability: 32660278

Because of lack of mutex lock when get mSidebandStream, if one thread getSidebandStream, another thread setSidebandStream frequently, an UAF will be triggered. Bug: 32660278 Test: Marlin device with poc Change-Id: Idbcf0976ce2db682d0f13455105c45a5c7481a45 (cherry picked from commit 2d8a2432e04234d9edbb3b099f9bbbaa36ad4843)

Fix SF security vulnerability: 32660278
Because of lack of mutex lock when get mSidebandStream, if one thread getSidebandStream, another thread setSidebandStream frequently, an UAF will be triggered. Bug: 32660278 Test: Marlin device with poc Change-Id: Idbcf0976ce2db682d0f13455105c45a5c7481a45 (cherry picked from commit 2d8a2432e04234d9edbb3b099f9bbbaa36ad4843)
675e212c · Fabien Sanglard · gitbuildkicker · e5753ba0 · 675e212c
Commit 675e212c authored 8 years ago by Fabien Sanglard Committed by gitbuildkicker 8 years ago
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

libs/gui/BufferQueueConsumer.cpp libs/gui/BufferQueueConsumer.cpp +1 -0

No files found.
--- a/libs/gui/BufferQueueConsumer.cpp
+++ b/libs/gui/BufferQueueConsumer.cpp
@@ -715,6 +715,7 @@ status_t BufferQueueConsumer::setTransformHint(uint32_t hint) {
 }

 sp<NativeHandle> BufferQueueConsumer::getSidebandStream() const {
+    Mutex::Autolock lock(mCore->mMutex);
    return mCore->mSidebandStream;
 }