Commit a53acdc7 authored by Edwin Wong, committed by android-build-team Robot

[RESTRICT AUTOMERGE] Fix CryptoPlugin use after free vulnerability.

The shared memory buffer used by srcPtr can be freed by another
thread because it is not protected by a mutex. Subsequently,
a use after free SIGABRT can occur in a race condition.

SafetyNet logging is not added to avoid log spamming. The
mutex lock is called to set up for decryption, which is
called frequently.

Test is run on rvc-dev branch, using target_hwasan-userdebug build.

Test: sts
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176495665#testPocBug_176495665

Test: push to device with target_hwasan-userdebug build
  adb shell /data/local/tmp/Bug-176495665_sts64

Bug: 176495665
Bug: 176444161
Change-Id: If40e792cf78445a4b2dcce6a7d7905b5342c1724
(cherry picked from commit 7e4c587a)
parent cf37cf03
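
One way to close the kind of race the commit message describes, as an added example that is not code from this commit or from the Android source: the read path looks up the shared source buffer and copies from it while holding the same mutex the free path takes, so the pointer never outlives the lock. `SharedBufferTable`, `set`, `release` and `copyFrom` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <map>
#include <mutex>
#include <utility>
#include <vector>

// Hypothetical stand-in for a plugin that holds client-supplied shared buffers.
class SharedBufferTable {
public:
    // Register (or replace) the buffer for an id; any previous one is freed.
    void set(uint32_t id, std::vector<uint8_t> data) {
        std::lock_guard<std::mutex> guard(mLock);
        mBuffers[id] = std::move(data);
    }

    // Free the buffer. Without mLock this could run in the middle of copyFrom().
    void release(uint32_t id) {
        std::lock_guard<std::mutex> guard(mLock);
        mBuffers.erase(id);
    }

    // Lookup and read happen under one lock, so release() on another thread
    // cannot free the source between finding it and copying from it.
    bool copyFrom(uint32_t id, size_t offset, uint8_t *dst, size_t len) {
        std::lock_guard<std::mutex> guard(mLock);
        auto it = mBuffers.find(id);
        if (it == mBuffers.end()) return false;      // already released
        const std::vector<uint8_t> &src = it->second;
        // Overflow-safe bounds check before touching the source memory.
        if (offset > src.size() || len > src.size() - offset) return false;
        std::memcpy(dst, src.data() + offset, len);  // src is still alive here
        return true;
    }

private:
    std::mutex mLock;                                 // guards mBuffers and its contents
    std::map<uint32_t, std::vector<uint8_t>> mBuffers;
};

int main() {
    SharedBufferTable table;
    table.set(1, {10, 20, 30, 40});                   // constructed sample data
    uint8_t out[2] = {0, 0};
    bool beforeRelease = table.copyFrom(1, 1, out, 2);
    table.release(1);
    bool afterRelease = table.copyFrom(1, 0, out, 1); // fails cleanly, no stale pointer
    return (beforeRelease && !afterRelease) ? 0 : 1;
}
```

The design choice that matters is that `copyFrom` never returns a raw pointer into the buffer; handing one out would let the caller use it after the lock is dropped.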