Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit e687fa9a authored by Shivakumar Malke's avatar Shivakumar Malke Committed by Gerrit - the friendly Code Review server
Browse files

msm: camera: smmu: Use get_file to increase ref count 



Due to race condition, fd pointing to a particular dma buf
is released by userspace  before incrementing ref count and
hence freed that dma buf. When the call returns it still uses
the freed dma buf causing use-after-free.

This fix includes get_file API to increment ref count
before dma_buf_fd.

CRs-Fixed: 3341070
Change-Id: I8ebc37b4ceb5f8691bbbb3d26b8b64878d832fbe
Signed-off-by: default avatarShivakumar Malke <quic_smalke@quicinc.com>
parent c487910c
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment