diff options
| author | Edwin Wong <edwinwong@google.com> | 2021-04-05 21:15:32 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2021-04-05 21:15:32 +0000 |
| commit | 2a41846f89b9890b93eb4cc501f55a7b315cd58a (patch) | |
| tree | 3b7d2c55bf74b09469307310d876baa373bc18f7 | |
| parent | 6889557362e8d542c99d4138fa0c0a98e8ffb9a7 (diff) | |
| parent | 3c73391f6e8c4d28f4ed3d1fc7379acdebaa6fa6 (diff) | |
Merge "Fix possible uaf of play policy state" into qt-dev
| -rw-r--r-- | drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp | 1 | ||||
| -rw-r--r-- | drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h | 2 | ||||
| -rw-r--r-- | drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp | 3 |
3 files changed, 4 insertions, 2 deletions
diff --git a/drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp b/drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp index 6ac3510c7c..089eb1cdc9 100644 --- a/drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp +++ b/drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp @@ -207,6 +207,7 @@ status_t DrmPlugin::queryKeyStatus( } infoMap.clear(); + android::Mutex::Autolock lock(mPlayPolicyLock); for (size_t i = 0; i < mPlayPolicy.size(); ++i) { infoMap.add(mPlayPolicy.keyAt(i), mPlayPolicy.valueAt(i)); } diff --git a/drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h b/drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h index aa9b59ddbb..95f15caffe 100644 --- a/drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h +++ b/drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h @@ -262,7 +262,7 @@ private: void initProperties(); void setPlayPolicy(); - android::Mutex mPlayPolicyLock; + mutable android::Mutex mPlayPolicyLock; android::KeyedVector<String8, String8> mPlayPolicy; android::KeyedVector<String8, String8> mStringProperties; android::KeyedVector<String8, Vector<uint8_t>> mByteArrayProperties; diff --git a/drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp b/drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp index 8150c1dcc8..f33b6480df 100644 --- a/drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp +++ b/drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp @@ -568,7 +568,6 @@ Return<Status> DrmPlugin::setPropertyByteArray( Return<void> DrmPlugin::queryKeyStatus( const hidl_vec<uint8_t>& sessionId, queryKeyStatus_cb _hidl_cb) { - if (sessionId.size() == 0) { // Returns empty key status KeyValue pair _hidl_cb(Status::BAD_VALUE, hidl_vec<KeyValue>()); @@ -578,12 +577,14 @@ Return<void> DrmPlugin::queryKeyStatus( std::vector<KeyValue> infoMapVec; infoMapVec.clear(); + mPlayPolicyLock.lock(); KeyValue keyValuePair; for (size_t i = 0; i < mPlayPolicy.size(); ++i) { keyValuePair.key = mPlayPolicy[i].key; keyValuePair.value = mPlayPolicy[i].value; infoMapVec.push_back(keyValuePair); } + mPlayPolicyLock.unlock(); _hidl_cb(Status::OK, toHidlVec(infoMapVec)); return Void(); } |