diff options
author | Fabien Sanglard <sanglardf@google.com> | 2016-12-05 15:06:29 -0800 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2016-12-19 16:17:47 -0800 |
commit | abf62d38daff481eace052af6368d6a085dd50ac (patch) | |
tree | 2b63da15310105f86dbaf79f95b89b21de1d9aa1 | |
parent | c6050cbca0a0ce79f23e244ec9bc8fbdbb9ec24b (diff) | |
download | native-nougat-mr1.4-release.tar.gz |
Fix security vulneratibly 31960359android-7.1.1_r27android-7.1.1_r16nougat-mr1.4-release
BufferQueueCore features a variable mLastQueuedSlot which is not
initialized in its constructor resulting in security vulnerability
Bug: 31960359
Change-Id: If892f59f6288d8b81b1e312995832a20c8341494
Tests: Manually on Angler
(cherry picked from commit dffa078205f6b6c17e24214928f642393423e081)
-rw-r--r-- | libs/gui/BufferQueueCore.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libs/gui/BufferQueueCore.cpp b/libs/gui/BufferQueueCore.cpp index 9cb9c62401..4f6ecffd60 100644 --- a/libs/gui/BufferQueueCore.cpp +++ b/libs/gui/BufferQueueCore.cpp @@ -89,6 +89,7 @@ BufferQueueCore::BufferQueueCore(const sp<IGraphicBufferAlloc>& allocator) : mSharedBufferSlot(INVALID_BUFFER_SLOT), mSharedBufferCache(Rect::INVALID_RECT, 0, NATIVE_WINDOW_SCALING_MODE_FREEZE, HAL_DATASPACE_UNKNOWN), + mLastQueuedSlot(INVALID_BUFFER_SLOT), mUniqueId(getUniqueId()) { if (allocator == NULL) { |