Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 63d8c70b authored by Hansong Zhang's avatar Hansong Zhang
Browse files

GD Reactor: Fix a potential use-after-free 

When a Reactable is freed, we cannot unlock its internal mutex.

Bug: 168271357
Tag: #gd-refactor
Test: cert/run --host
Change-Id: I4606965f0f3a73411068311fcaced570627e9679
parent 2c152b50

system/gd/os/linux_generic/reactor.cc

+2 −1
Original line number Diff line number Diff line
@@ -145,10 +145,11 @@ void Reactor::Run() { 
        reactable->on_write_ready_.Run();

      }

      {

        std::lock_guard<std::mutex> reactable_lock(reactable->mutex_);

        std::unique_lock<std::mutex> reactable_lock(reactable->mutex_);

        reactable->is_executing_ = false;

        if (reactable->removed_) {

          reactable->finished_promise_->set_value();

          reactable_lock.unlock();

          delete reactable;

        }

      }