summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFabien Sanglard <sanglardf@google.com>2016-12-05 15:06:29 -0800
committergitbuildkicker <android-build@google.com>2017-01-04 10:37:14 -0800
commit74dae3378a4dfa885118f0ff5c807b42f3f9fb28 (patch)
treebfa6c4f7099351b8d52bd948d43382d1bf5f6de5
parent509fb5c3719d6b1fa0adec3b85b21115692d5dae (diff)
downloadandroid-frameworks-native-74dae3378a4dfa885118f0ff5c807b42f3f9fb28.tar.gz
android-frameworks-native-74dae3378a4dfa885118f0ff5c807b42f3f9fb28.tar.xz
Fix security vulneratibly 31960359
BufferQueueCore features a variable mLastQueuedSlot which is not initialized in its constructor resulting in security vulnerability Bug: 31960359 Change-Id: If892f59f6288d8b81b1e312995832a20c8341494 Tests: Manually on Angler (cherry picked from commit dffa078205f6b6c17e24214928f642393423e081)
-rw-r--r--libs/gui/BufferQueueCore.cpp1
1 files changed, 1 insertions, 0 deletions
diff --git a/libs/gui/BufferQueueCore.cpp b/libs/gui/BufferQueueCore.cpp
index 9cb9c62..4f6ecff 100644
--- a/libs/gui/BufferQueueCore.cpp
+++ b/libs/gui/BufferQueueCore.cpp
@@ -89,6 +89,7 @@ BufferQueueCore::BufferQueueCore(const sp<IGraphicBufferAlloc>& allocator) :
mSharedBufferSlot(INVALID_BUFFER_SLOT),
mSharedBufferCache(Rect::INVALID_RECT, 0, NATIVE_WINDOW_SCALING_MODE_FREEZE,
HAL_DATASPACE_UNKNOWN),
+ mLastQueuedSlot(INVALID_BUFFER_SLOT),
mUniqueId(getUniqueId())
{
if (allocator == NULL) {