Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1d26007c authored by Xu Lai's avatar Xu Lai Committed by Lin Lili
Browse files

fix potential read null pointer 

Codec2Client::Component::HidlListener::onworkdone() could potentially
receive invalid workBundle because decoder has already been destructed.
this causes objcpy() of types.cpp read null pointer.

Bug: 242686314
Test: mediarecorder CTS test
Change-Id: I915aeea4e6a1ab06ca2c86c78f3f27f1046d38a1
parent 9e2e53d5

media/codec2/hidl/1.0/utils/types.cpp

+4 −0
Original line number Original line Diff line number Diff line
@@ -1447,6 +1447,10 @@ bool objcpy(C2FrameData* d, const FrameData& s, 
bool objcpy(C2BaseBlock* d, const BaseBlock& s) {

bool objcpy(C2BaseBlock* d, const BaseBlock& s) {

    switch (s.getDiscriminator()) {

    switch (s.getDiscriminator()) {

    case BaseBlock::hidl_discriminator::nativeBlock: {

    case BaseBlock::hidl_discriminator::nativeBlock: {

            if (s.nativeBlock() == nullptr) {

                LOG(ERROR) << "Null BaseBlock::nativeBlock handle";

                return false;

            }

            native_handle_t* sHandle =

            native_handle_t* sHandle =

                    native_handle_clone(s.nativeBlock());

                    native_handle_clone(s.nativeBlock());

            if (sHandle == nullptr) {

            if (sHandle == nullptr) {