
Commit 2249c88e authored by Stan Rokita

Fix null pointer deref in libsensor SensorServer

When trying to create a sensor direct connection, check that native
handle resource is not null, and if so return BAD_VALUE error.

Bug: 135051254
Test: Load onto device and try "service call sensorservice 5"
commands that have no arguments and random arguments. Both throw new error
and do not crash system as hoped.

Change-Id: Ie2eaf1a17843da89927293e408768bfbaaf86ec8
parent 61eba0db
+4 −0
@@ -199,6 +199,10 @@ status_t BnSensorServer::onTransact(
            int32_t type = data.readInt32();
            int32_t format = data.readInt32();
            native_handle_t *resource = data.readNativeHandle();
            // Avoid a crash in native_handle_close if resource is nullptr
            if (resource == nullptr) {
                return BAD_VALUE;
            }
            sp<ISensorEventConnection> ch =
                    createSensorDirectConnection(opPackageName, size, type, format, resource);
            native_handle_close(resource);
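
Review bot: the comment above the new `resource == nullptr` check names only native_handle_close as the crash site, but the same pointer is passed to createSensorDirectConnection on the statement right after the check, so the guard covers both calls and the comment should say so (for example, "reject a parcel without a valid native handle before it is used"). The early `return BAD_VALUE;` is also silent; an ALOGE just before it would make malformed transactions from a caller visible in logcat. The Test: line describes only a manual `service call sensorservice 5` run, so a regression test that sends this transaction with no arguments and asserts BAD_VALUE would keep the check from being dropped later.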