Fix SF security vulnerability: 32706020
Because of lack of mutex lock when get mConsumerName, if one thread getConsumerName, another thread setConsumerName frequently, an UAF will be triggered. Change-Id: Id1bbf0d15de6d16def2f54ecade385058cda3b65 Test: Marling with poc provided in bug report. Bug: 32706020 (cherry picked from commit d073eb7a3f28fd74bfa24c8b7599465cb7de5436) (cherry picked from commit 2e16d5fac149dab3c3e8f1b2ca89f45cf55a7b34)
This commit is contained in:
Fabien Sanglard
Brinly Taylor
parent
0ff545d4a7
commit
c2983e9d3b
@ -1091,6 +1091,7 @@ status_t BufferQueueProducer::setGenerationNumber(uint32_t generationNumber) {
|
||||
|
||||
String8 BufferQueueProducer::getConsumerName() const {
|
||||
ATRACE_CALL();
|
||||
Mutex::Autolock lock(mCore->mMutex);
|
||||
BQ_LOGV("getConsumerName: %s", mConsumerName.string());
|
||||
return mConsumerName;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user