Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 532240f4 authored by Mikhail Naganov's avatar Mikhail Naganov
Browse files

Audio HAL: Fix UAF if the effect is removed after close 

Effect::close in V6 releases the underlying HAL effect.
It was not removing the effect entry from the effects
map, thus a call to Stream::removeEffect was retrieving
a stale handle.

Bug: 145656878
Test: start and stop recording for VOICE_COMMUNICATION
Change-Id: I47f486d3b6b4b0dc29acd1e3a2093e421b28d90b
parent e7044daa

audio/effect/all-versions/default/Effect.cpp

+4 −1
Original line number Diff line number Diff line
@@ -713,7 +713,10 @@ Return<Result> Effect::close() { 
#elif MAJOR_VERSION >= 6

    // No need to join the processing thread, it is part of the API contract that the client

    // must finish processing before closing the effect.

    return analyzeStatus("EffectRelease", "", sContextCallFunction, EffectRelease(mHandle));

    Result retval =

            analyzeStatus("EffectRelease", "", sContextCallFunction, EffectRelease(mHandle));

    EffectMap::getInstance().remove(mHandle);

    return retval;

#endif

}