AssetManager: fix use-after-free of asset
AssetManager::getPkgName(const char *apkgPath) creates a ResXMLTree on stack, opens an asset and assigns the asset's buffer to the ResXMLTree, then closes the asset before the ResXMLTree gets autodestroyed. For apps built with new tooling, this now causes app or system crashes. Bug report: https://jira.lineageos.org/browse/BUGBASH-1052 Detailed description of cause: https://issuetracker.google.com/issues/64434571#comment22 The patch ensures that the ResXMLTree object is destroyed prior to the Asset being closed. Change-Id: I041b002745ad2dc0deb09ee9cbd00e40c0202ac6 Signed-off-by: Olaf Titz <olaf81825@googlemail.com>
Loading
Please register or sign in to comment