commit | 2fdf54b050f728fd965c9afdd03116e9b9dafbae | [log] [tgz] |
---|---|---|
author | Shruti Bihani <shrutibihani@google.com> | Thu Jul 13 09:19:08 2023 +0000 |
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | Thu Sep 07 21:54:37 2023 +0000 |
tree | 95ffac43cd8b0ce8e6004ad42b43323bd85f069d | |
parent | 53243faf690a49e00952b3d3956d2fff0b8d4a3c [diff] |
Fix heap-use-after-free issue flagged by fuzzer test. A data member of class MtpFfsHandle is being accessed after the class object has been freed in the fuzzer. The method accessing the data member is running in a separate thread that gets detached from its parent. Using a conditional variable with an atomic int predicate in the close() function to ensure the detached thread's execution has completed before freeing the object fixes the issue without blocking the processing mid-way. Bug: 243381410 Test: Build mtp_handle_fuzzer and run on the target device (cherry picked from commit 50bf46a3f62136386548a9187a749936bda3ee8f) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:05dc1c083095ebee0faa20498153eb466082ace0) Merged-In: I41dde165a5eba151c958b81417d9e1065af1b411 Change-Id: I41dde165a5eba151c958b81417d9e1065af1b411