Fix SF security vulnerability: 32660278

Because of lack of mutex lock when get mSidebandStream, if one thread
getSidebandStream, another thread setSidebandStream frequently, an UAF
will be triggered.

Bug: 32660278
Test: Marlin device with poc
Change-Id: Idbcf0976ce2db682d0f13455105c45a5c7481a45
(cherry picked from commit 2d8a2432e04234d9edbb3b099f9bbbaa36ad4843)
(cherry picked from commit 675e212c8c6653825cc3352c603caf2e40b00f9f)
This commit is contained in:
Fabien Sanglard 2016-11-08 15:31:32 -08:00 committed by mh0rst
parent b22bca465e
commit 65166fe47d

View File

@ -572,6 +572,7 @@ status_t BufferQueueConsumer::setTransformHint(uint32_t hint) {
}
sp<NativeHandle> BufferQueueConsumer::getSidebandStream() const {
Mutex::Autolock lock(mCore->mMutex);
return mCore->mSidebandStream;
}