Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 91d50bbf authored by Mikhail Naganov's avatar Mikhail Naganov
Browse files

Serializer: fix allocator / deallocator mismatch 

Use of unique_ptr<char[]> for pointers to C strings is invalid
as it calls 'delete[]' on a heap block allocated via 'malloc'.
Use a specialization of unique_ptr which calls 'free' instead.

Bug: 184845897
Test: see PoC in the bug
Change-Id: Ib9264bebb9753d19965095ccd904aeaf54d84636
parent 17879bb4

services/audiopolicy/common/managerdefinitions/src/Serializer.cpp

+13 −1
Original line number Diff line number Diff line
@@ -253,6 +253,18 @@ private: 
    // Children: ModulesTraits, VolumeTraits, SurroundSoundTraits (optional)

};



// Deleter using free() for use with std::unique_ptr<>. See also UniqueCPtr<> below.

struct FreeDelete {

    // NOTE: Deleting a const object is valid but free() takes a non-const pointer.

    void operator()(const void* ptr) const {

        free(const_cast<void*>(ptr));

    }

};



// Alias for std::unique_ptr<> that uses the C function free() to delete objects.

template <typename T>

using UniqueCPtr = std::unique_ptr<T, FreeDelete>;



template <class T>

constexpr void (*xmlDeleter)(T* t);

template <>
@@ -608,7 +620,7 @@ std::variant<status_t, RouteTraits::Element> PolicySerializer::deserialize<Route 
    }

    // Tokenize and Convert Sources name to port pointer

    PolicyAudioPortVector sources;

    std::unique_ptr<char[]> sourcesLiteral{strndup(

    UniqueCPtr<char> sourcesLiteral{strndup(

                sourcesAttr.c_str(), strlen(sourcesAttr.c_str()))};

    char *devTag = strtok(sourcesLiteral.get(), ",");

    while (devTag != NULL) {