Audio HAL: Fix UAF if the effect is removed after close

Effect::close in V6 releases the underlying HAL effect. It was not removing the effect entry from the effects map, thus a call to Stream::removeEffect was retrieving a stale handle. Bug: 145656878 Test: start and stop recording for VOICE_COMMUNICATION Change-Id: I47f486d3b6b4b0dc29acd1e3a2093e421b28d90b
author: Mikhail Naganov <mnaganov@google.com> 2019-12-04 16:18:50 -0800
committer: Mikhail Naganov <mnaganov@google.com> 2019-12-04 16:21:28 -0800
commit: 532240f4eb07e638e306d59fb666b4dd8c8bce71 (patch)
tree: ba307e88adf070db8cd9949e70728beee73fdae2 /audio/effect/all-versions/default/Effect.cpp
parent: e7044daa5b021aac5d78fbc541a0f65e0d4aa59a (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/audio/effect/all-versions/default/Effect.cpp b/audio/effect/all-versions/default/Effect.cpp
index 0afa779f03..33ec996d57 100644
--- a/audio/effect/all-versions/default/Effect.cpp
+++ b/audio/effect/all-versions/default/Effect.cpp
@@ -713,7 +713,10 @@ Return<Result> Effect::close() {
 #elif MAJOR_VERSION >= 6
     // No need to join the processing thread, it is part of the API contract that the client
     // must finish processing before closing the effect.
-    return analyzeStatus("EffectRelease", "", sContextCallFunction, EffectRelease(mHandle));
+    Result retval =
+            analyzeStatus("EffectRelease", "", sContextCallFunction, EffectRelease(mHandle));
+    EffectMap::getInstance().remove(mHandle);
+    return retval;
 #endif
 }
author	Mikhail Naganov <mnaganov@google.com>	2019-12-04 16:18:50 -0800
committer	Mikhail Naganov <mnaganov@google.com>	2019-12-04 16:21:28 -0800
commit	532240f4eb07e638e306d59fb666b4dd8c8bce71 (patch)
tree	ba307e88adf070db8cd9949e70728beee73fdae2 /audio/effect/all-versions/default/Effect.cpp
parent	e7044daa5b021aac5d78fbc541a0f65e0d4aa59a (diff)