From 93312a3a38bc3573c9b15c6a3c4c11fcdcfaa0da Mon Sep 17 00:00:00 2001 From: Robert Shih Date: Mon, 11 Jan 2016 11:42:48 -0800 Subject: [PATCH 1/2] IGraphicBufferConsumer: fix ATTACH_BUFFER info leak Bug: 26338113 Change-Id: I019c4df2c6adbc944122df96968ddd11a02ebe33 --- libs/gui/IGraphicBufferConsumer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/gui/IGraphicBufferConsumer.cpp b/libs/gui/IGraphicBufferConsumer.cpp index b86f4c5d2..c4660bad8 100644 --- a/libs/gui/IGraphicBufferConsumer.cpp +++ b/libs/gui/IGraphicBufferConsumer.cpp @@ -315,7 +315,7 @@ status_t BnGraphicBufferConsumer::onTransact( CHECK_INTERFACE(IGraphicBufferConsumer, data, reply); sp buffer = new GraphicBuffer(); data.read(*buffer.get()); - int slot; + int slot = -1; int result = attachBuffer(&slot, buffer); reply->writeInt32(slot); reply->writeInt32(result); From daca8c3407dcc43eeded42d49b4357ff507f27de Mon Sep 17 00:00:00 2001 From: Robert Shih Date: Mon, 11 Jan 2016 15:02:12 -0800 Subject: [PATCH 2/2] IGraphicBufferProducer: fix QUEUE_BUFFER info leak Bug: 26338109 Change-Id: I8a979469bfe1e317ebdefa43685e19f9302baea8 --- libs/gui/IGraphicBufferProducer.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/libs/gui/IGraphicBufferProducer.cpp b/libs/gui/IGraphicBufferProducer.cpp index 8bdbc22ec..1099c84f8 100644 --- a/libs/gui/IGraphicBufferProducer.cpp +++ b/libs/gui/IGraphicBufferProducer.cpp @@ -402,6 +402,7 @@ status_t BnGraphicBufferProducer::onTransact( QueueBufferOutput* const output = reinterpret_cast( reply->writeInplace(sizeof(QueueBufferOutput))); + memset(output, 0, sizeof(QueueBufferOutput)); status_t result = queueBuffer(buf, input, output); reply->writeInt32(result); return NO_ERROR;