summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNaveen Leekha <leekha@google.com>2015-09-22 18:04:44 -0700
committerThe Android Automerger <android-build@google.com>2015-09-28 17:08:24 -0700
commit846d747274455c58acf933794baef65c07502a2c (patch)
treefcd0ee0700102b2f7c11df2c9588ec7e5347b757
parente8293118b93ff33ce6a686b6d7c500ae9adb2bc9 (diff)
downloadframeworks_native-android-6.0.0_r5.zip
frameworks_native-android-6.0.0_r5.tar.gz
frameworks_native-android-6.0.0_r5.tar.bz2
The uninitialized local variables pick up whatever the memory content was there on stack. This data gets sent to the remote process in case of a failed transaction, which is a security issue. Fixed. (Partial manual merge of master change 12ba0f57d028a9c8f4eb3afddc326b70677d1e0c. Rest to automerge from klp-dev) For b/23696300 Change-Id: I704c9fab327b3545c58e8a9a96ac542eb7469c2a
-rw-r--r--libs/gui/IGraphicBufferProducer.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/libs/gui/IGraphicBufferProducer.cpp b/libs/gui/IGraphicBufferProducer.cpp
index d7a7885..2118c92 100644
--- a/libs/gui/IGraphicBufferProducer.cpp
+++ b/libs/gui/IGraphicBufferProducer.cpp
@@ -389,7 +389,7 @@ status_t BnGraphicBufferProducer::onTransact(
CHECK_INTERFACE(IGraphicBufferProducer, data, reply);
sp<GraphicBuffer> buffer = new GraphicBuffer();
data.read(*buffer.get());
- int slot;
+ int slot = 0;
int result = attachBuffer(&slot, buffer);
reply->writeInt32(slot);
reply->writeInt32(result);