Commit d073eb7a authored by Fabien Sanglard

Fix SF security vulnerability: 32706020

Because of the lack of a mutex lock when getting mConsumerName, if one
thread calls getConsumerName while another thread calls setConsumerName
frequently, a UAF will be triggered.

Change-Id: Id1bbf0d15de6d16def2f54ecade385058cda3b65
Test: Marling with poc provided in bug report.
Bug: 32706020
parent 2c39ea10
+1 −0
@@ -1091,6 +1091,7 @@ status_t BufferQueueProducer::setGenerationNumber(uint32_t generationNumber) {

String8 BufferQueueProducer::getConsumerName() const {
    ATRACE_CALL();
    Mutex::Autolock lock(mCore->mMutex);
    BQ_LOGV("getConsumerName: %s", mConsumerName.string());
    return mConsumerName;
}
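
Review bot: The new `Mutex::Autolock lock(mCore->mMutex);` at the top of getConsumerName() only closes the race if the writer takes the same mutex. The commit message names setConsumerName as the racing thread, but that path is not in this hunk, so please confirm it modifies mConsumerName while holding mCore->mMutex. Also check that no caller reaches getConsumerName() with mCore->mMutex already held, since acquiring it again here would self-deadlock if the mutex is non-recursive. A short comment stating that the lock guards mConsumerName against concurrent writes, plus an automated regression test in place of the manual PoC run listed under Test:, would make the fix easier to keep intact.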