Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9e6b51eb authored by Hsin-chen Chuang's avatar Hsin-chen Chuang
Browse files

floss: A2DP: Avoid use-after-free of UIPC 

If the pointer is not null, then an UIPC could be in the background and
accesses the structure, which causes use-after-free.

Bug: 373228946
Tag: #floss
Test: mmm packages/modules/Bluetooth
Test: bluetooth_AdapterAUHealth.all_floss
Flag: EXEMPT, Floss-only change
Change-Id: I3f420b623b83830481d952012f6067410e9c6ba1
parent c350731a

system/audio_hal_interface/a2dp_encoding_host.cc

+4 −0
Original line number Diff line number Diff line
@@ -232,6 +232,10 @@ static BluetoothAudioPort const* bluetooth_audio_port = &null_audio_port; 
// Initialize BluetoothAudio HAL: openProvider

bool init(bluetooth::common::MessageLoopThread* /*message_loop*/,

          BluetoothAudioPort const* audio_port, bool /*offload_enabled*/) {

  if (a2dp_uipc != nullptr) {

    log::warn("Re-init-ing UIPC that is already running");

    cleanup();

  }

  a2dp_uipc = UIPC_Init();

  total_bytes_read_ = 0;

  data_position_ = {};