From ce6980732ddd0e7b184752b70a568d4f9a89a415 Mon Sep 17 00:00:00 2001
From: Keith Mok
Date: Fri, 19 Aug 2022 03:45:27 +0000
Subject: Fix sensor_fuzzer crash The fuzzer itself use std::string("xxx").c_str() which std:string will be out of scope immediately Causing the c_str pointing to data already free
Test: sensor_fuzzer
Bug: 242089424
Change-Id: I42865b12b8a208ffa48a7c3cc7cadd505e47c1c0
---
libs/sensor/fuzz/sensor_fuzzer/sensor_fuzzer.cpp | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libs/sensor/fuzz/sensor_fuzzer/sensor_fuzzer.cpp b/libs/sensor/fuzz/sensor_fuzzer/sensor_fuzzer.cpp
index 129f4302c5..0e110b7e6f 100644
--- a/libs/sensor/fuzz/sensor_fuzzer/sensor_fuzzer.cpp
+++ b/libs/sensor/fuzz/sensor_fuzzer/sensor_fuzzer.cpp
@@ -26,8 +26,10 @@ const int MAX_STR_LEN = 32;
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 FuzzedDataProvider fdp(data, size);
 struct sensor_t sensor_type;
- sensor_type.name = fdp.ConsumeBytesAsString(MAX_STR_LEN).c_str();
- sensor_type.vendor = fdp.ConsumeBytesAsString(MAX_STR_LEN).c_str();
+ std::string name = fdp.ConsumeBytesAsString(MAX_STR_LEN);
+ sensor_type.name = name.c_str();
+ std::string vendor = fdp.ConsumeBytesAsString(MAX_STR_LEN);
+ sensor_type.vendor = vendor.c_str();
 sensor_type.stringType = "";
 sensor_type.requiredPermission = "";
 sensor_type.version = fdp.ConsumeIntegral();
--
cgit v1.2.3-59-g8ed1b
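Review bot: The new locals `name` and `vendor` carry an undocumented lifetime requirement: `sensor_type.name` and `sensor_type.vendor` now borrow their buffers, so both strings must stay alive and unmodified until the last read of `sensor_type`. I would declare them `const std::string` and put a comment above them such as `// sensor_t holds borrowed const char*; these strings must outlive every use of sensor_type`, so a later refactor does not reintroduce the use-after-free this commit fixes. The rest of LLVMFuzzerTestOneInput lies outside the hunk, so whether a later consumer copies the strings or keeps the raw pointers cannot be confirmed from here. Note also that `ConsumeBytesAsString` can return embedded NUL bytes, so the C string seen through `c_str()` may be shorter than the bytes consumed from the fuzz input.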