diff options
author | Fabien Sanglard <sanglardf@google.com> | 2016-12-05 15:06:29 -0800 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2016-12-15 14:32:46 -0800 |
commit | 9efed76143985e0f0b9d27d82c595b870ae67b7c (patch) | |
tree | 41e66f6c50a8e5aa9b8b5d13b3aca612ab6653b5 | |
parent | 08f407d52b9b61a19572f2ef515da9013d75e42e (diff) | |
download | native-9efed76143985e0f0b9d27d82c595b870ae67b7c.tar.gz |
Fix security vulneratibly 31960359android-7.0.0_r28
BufferQueueCore features a variable mLastQueuedSlot which is not
initialized in its constructor resulting in security vulnerability
Bug: 31960359
Change-Id: If892f59f6288d8b81b1e312995832a20c8341494
Tests: Manually on Angler
(cherry picked from commit dffa078205f6b6c17e24214928f642393423e081)
-rw-r--r-- | libs/gui/BufferQueueCore.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libs/gui/BufferQueueCore.cpp b/libs/gui/BufferQueueCore.cpp index 9cb9c62401..4f6ecffd60 100644 --- a/libs/gui/BufferQueueCore.cpp +++ b/libs/gui/BufferQueueCore.cpp @@ -89,6 +89,7 @@ BufferQueueCore::BufferQueueCore(const sp<IGraphicBufferAlloc>& allocator) : mSharedBufferSlot(INVALID_BUFFER_SLOT), mSharedBufferCache(Rect::INVALID_RECT, 0, NATIVE_WINDOW_SCALING_MODE_FREEZE, HAL_DATASPACE_UNKNOWN), + mLastQueuedSlot(INVALID_BUFFER_SLOT), mUniqueId(getUniqueId()) { if (allocator == NULL) { |