Fix security vulnerability

AOSP-Change-Id: I4c9ea3a3177131fa29d2561da71ef18bec3af108
Test: angler, marlin
Bug: 32628763

CVE-2017-0546

Change-Id: I3e87518163540a9fce1d4fc3751ed558d4854140
(cherry picked from commit 45b202513ba7440beaefbf9928f73fb6683dcfbd)
This commit is contained in:
Fabien Sanglard 2017-01-18 16:43:18 -08:00 committed by Sean McCreary
parent c2983e9d3b
commit e34afe0a4b

View File

@ -2249,8 +2249,7 @@ void SurfaceFlinger::setTransactionState(
if (s.client != NULL) { if (s.client != NULL) {
sp<IBinder> binder = IInterface::asBinder(s.client); sp<IBinder> binder = IInterface::asBinder(s.client);
if (binder != NULL) { if (binder != NULL) {
String16 desc(binder->getInterfaceDescriptor()); if (binder->queryLocalInterface(ISurfaceComposerClient::descriptor) != NULL) {
if (desc == ISurfaceComposerClient::descriptor) {
sp<Client> client( static_cast<Client *>(s.client.get()) ); sp<Client> client( static_cast<Client *>(s.client.get()) );
transactionFlags |= setClientStateLocked(client, s.state); transactionFlags |= setClientStateLocked(client, s.state);
} }