diff options
author | Fabien Sanglard <sanglardf@google.com> | 2016-12-05 15:06:29 -0800 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2016-12-14 16:53:10 -0800 |
commit | 079e79c4e949b4a718db7515eb872b95d341b345 (patch) | |
tree | 2b63da15310105f86dbaf79f95b89b21de1d9aa1 | |
parent | dc6d25ff1e1d4079853f2efc3c7147991fa7f18a (diff) | |
download | native-079e79c4e949b4a718db7515eb872b95d341b345.tar.gz |
Fix security vulneratibly 31960359android-7.1.1_r24android-7.1.1_r15android-7.1.1_r14
BufferQueueCore features a variable mLastQueuedSlot which is not
initialized in its constructor resulting in security vulnerability
Bug: 31960359
Change-Id: If892f59f6288d8b81b1e312995832a20c8341494
Tests: Manually on Angler
(cherry picked from commit dffa078205f6b6c17e24214928f642393423e081)
-rw-r--r-- | libs/gui/BufferQueueCore.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libs/gui/BufferQueueCore.cpp b/libs/gui/BufferQueueCore.cpp index 9cb9c62401..4f6ecffd60 100644 --- a/libs/gui/BufferQueueCore.cpp +++ b/libs/gui/BufferQueueCore.cpp @@ -89,6 +89,7 @@ BufferQueueCore::BufferQueueCore(const sp<IGraphicBufferAlloc>& allocator) : mSharedBufferSlot(INVALID_BUFFER_SLOT), mSharedBufferCache(Rect::INVALID_RECT, 0, NATIVE_WINDOW_SCALING_MODE_FREEZE, HAL_DATASPACE_UNKNOWN), + mLastQueuedSlot(INVALID_BUFFER_SLOT), mUniqueId(getUniqueId()) { if (allocator == NULL) { |