diff options
author | Fabien Sanglard <sanglardf@google.com> | 2016-12-05 15:06:29 -0800 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2016-12-19 14:41:21 -0800 |
commit | 16110b86db164e8d2b6864fed58f0385fe7d0979 (patch) | |
tree | 2b63da15310105f86dbaf79f95b89b21de1d9aa1 | |
parent | 2e16d5fac149dab3c3e8f1b2ca89f45cf55a7b34 (diff) | |
download | native-android-cts-7.1_r10.tar.gz |
Fix security vulneratibly 31960359android-cts-7.1_r9android-cts-7.1_r8android-cts-7.1_r7android-cts-7.1_r6android-cts-7.1_r5android-cts-7.1_r4android-cts-7.1_r3android-cts-7.1_r29android-cts-7.1_r28android-cts-7.1_r27android-cts-7.1_r26android-cts-7.1_r25android-cts-7.1_r24android-cts-7.1_r23android-cts-7.1_r22android-cts-7.1_r21android-cts-7.1_r20android-cts-7.1_r19android-cts-7.1_r18android-cts-7.1_r17android-cts-7.1_r16android-cts-7.1_r15android-cts-7.1_r14android-cts-7.1_r13android-cts-7.1_r12android-cts-7.1_r11android-cts-7.1_r10android-7.1.1_r23android-7.1.1_r22nougat-mr1-releasenougat-mr1-cts-release
BufferQueueCore features a variable mLastQueuedSlot which is not
initialized in its constructor resulting in security vulnerability
Bug: 31960359
Change-Id: If892f59f6288d8b81b1e312995832a20c8341494
Tests: Manually on Angler
(cherry picked from commit dffa078205f6b6c17e24214928f642393423e081)
-rw-r--r-- | libs/gui/BufferQueueCore.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libs/gui/BufferQueueCore.cpp b/libs/gui/BufferQueueCore.cpp index 9cb9c62401..4f6ecffd60 100644 --- a/libs/gui/BufferQueueCore.cpp +++ b/libs/gui/BufferQueueCore.cpp @@ -89,6 +89,7 @@ BufferQueueCore::BufferQueueCore(const sp<IGraphicBufferAlloc>& allocator) : mSharedBufferSlot(INVALID_BUFFER_SLOT), mSharedBufferCache(Rect::INVALID_RECT, 0, NATIVE_WINDOW_SCALING_MODE_FREEZE, HAL_DATASPACE_UNKNOWN), + mLastQueuedSlot(INVALID_BUFFER_SLOT), mUniqueId(getUniqueId()) { if (allocator == NULL) { |