Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit fe3708f7 authored by Dongwon Kang's avatar Dongwon Kang
Browse files

Fix a race condition in OMXNodeInstance 

When it frees the buffers, there might be pending events in
OMX::CallbackDispatcher and these event can be handled after
the component frees the buffers. To prevent the UAF case, this
change invalidates the buffers in the client side first before
calling OMX_FreeBuffer.

Test: run poc with and without the patch
Test: cts-tradefed run cts-dev --module CtsMediaTestCases
      --compatibility:module-arg CtsMediaTestCases:include-annotation:
      android.platform.test.annotations.RequiresDevice
Bug: 77474014
Change-Id: I0b7c4291967564f697e7f6a5ecbc31d4dae3cbcd
parent ed3f73e9
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment