summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNaveen Leekha <leekha@google.com>2015-09-22 18:04:44 -0700
committerThe Android Automerger <android-build@android.com>2015-09-28 16:30:55 -0700
commit67a7582bae53bc29c64975226be6c58f5864f1d5 (patch)
treeea3c762d257db42854a9566506a2233cb3e502ad
parent2beb44cc2f8d123fefa25bc2c8f6956622a70b48 (diff)
downloadframeworks_native-67a7582bae53bc29c64975226be6c58f5864f1d5.zip
frameworks_native-67a7582bae53bc29c64975226be6c58f5864f1d5.tar.gz
frameworks_native-67a7582bae53bc29c64975226be6c58f5864f1d5.tar.bz2
The uninitialized local variables pick up whatever the memory content was there on stack. This data gets sent to the remote process in case of a failed transaction, which is a security issue. Fixed. (Partial manual merge of master change 12ba0f57d028a9c8f4eb3afddc326b70677d1e0c. Rest to automerge from klp-dev) For b/23696300 Change-Id: I704c9fab327b3545c58e8a9a96ac542eb7469c2a
-rw-r--r--libs/gui/IGraphicBufferProducer.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/libs/gui/IGraphicBufferProducer.cpp b/libs/gui/IGraphicBufferProducer.cpp
index 75c7cfc..4f7b0d3 100644
--- a/libs/gui/IGraphicBufferProducer.cpp
+++ b/libs/gui/IGraphicBufferProducer.cpp
@@ -344,7 +344,7 @@ status_t BnGraphicBufferProducer::onTransact(
CHECK_INTERFACE(IGraphicBufferProducer, data, reply);
sp<GraphicBuffer> buffer = new GraphicBuffer();
data.read(*buffer.get());
- int slot;
+ int slot = 0;
int result = attachBuffer(&slot, buffer);
reply->writeInt32(slot);
reply->writeInt32(result);