system_netd.git - system

diff options

author	Ken Chen <cken@google.com>	2019-01-26 19:17:00 +0800
committer	Bernie Innocenti <codewiz@google.com>	2019-02-07 07:22:23 +0000
commit	9762bc1964a37ec56091ee2b6070e19c5206f615 (patch)
tree	8af63a52f028f62b543b15ccf8ba3fd0baefe8b0 /server/InterfaceController.cpp
parent	3eeb0e6b86ac8a7f00968d0a086381e7dcd8cc2b (diff)

Clear Element.mRef immediately after deallocating it

DNSServiceRefDeallocate() and pointer dereferencing in request handler thread are protected by two separate lock/unlock pairs on mHeadMutex. If rescan() runs between these, it could dereference mRef, causing a heap-use-after-free bug. Solution: set mRef to null immediately after freeing it. Bug: 121327565 Test: build Change-Id: I56ace2ad8a2da528afa375aefb1b9420547658a7

Diffstat (limited to 'server/InterfaceController.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: