SF: Fix UAF due to outliving idle timer - platform/frameworks/native

diff options

author	Dominik Laskowski <domlaskowski@google.com>	2022-01-07 14:30:53 -0800
committer	Dominik Laskowski <domlaskowski@google.com>	2022-01-08 18:55:29 -0800
commit	83bd771ca25844f6f00c7b60e554f6566a7a3222 (patch)
tree	40954db9be41a27c7ee36c2e20fa37fc3316ec2e /libs/gui/ISurfaceComposer.cpp
parent	91f635ea668d4ad70ad75e147abace56deead8b3 (diff)

SF: Fix UAF due to outliving idle timer

On Scheduler destruction, stop the timer and clear the callbacks, since the RefreshRateConfigs may outlive the Scheduler. On RefreshRateConfigs destruction, ensure the timer is destroyed before the mutex/callbacks. Invoke the callback under lock. Remove TestableSurfaceFlinger's subtle precondition that setupScheduler must be called prior to FakeDisplayDeviceInjector for them to share RefreshRateConfigs, which was not the case in DisplayModeSwitchingTest. TestableScheduler is deleted through a Scheduler pointer, so ~Scheduler should be virtual. Although ~TestableScheduler is trivial, this invoked undefined behavior. Bug: 213688734 Test: libsurfaceflinger_unittest --gtest_repeat=1000 Change-Id: Id23fafaf3d7071a5e28e275de386dd731a726006

Diffstat (limited to 'libs/gui/ISurfaceComposer.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: