Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 690e7313 authored by Hsin-chen Chuang's avatar Hsin-chen Chuang
Browse files

floss: SCO: Avoid use after free 

The unique_ptr<tUIPC_STATE> sco_uipc could be overwritten without
calling UIPC_Close, this could leave the UIPC thread alive and access
the UIPC structure while is already freed.

Bug: 373228946
Tag: #floss
Test: mmm packages/modules/Bluetooth
Test: bluetooth_AdapterAUHealth.all_floss
Flag: EXEMPT, Floss-only change
Change-Id: I085e70db774310118b9b7a2e9a4325c41ed71900
parent 2968117e

system/stack/btm/btm_sco_hci.cc

+1 −0
Original line number Diff line number Diff line
@@ -99,6 +99,7 @@ namespace sco { 
void open() {

  if (sco_uipc != nullptr) {

    log::warn("Re-opening UIPC that is already running");

    cleanup();

  }



  sco_uipc = UIPC_Init();