Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_packages_providers_MediaProvider / f38de0b09885b8766de2b351d90cc86ce7d9240c
commitf38de0b09885b8766de2b351d90cc86ce7d9240c[log] [tgz]
authorZim <zezeozue@google.com>Thu Aug 05 15:29:02 2021 +0100
committerZim <zezeozue@google.com>Thu Aug 05 15:29:02 2021 +0100
treeb0a40b24e9c801236b0b658993ad1213d1ebd1ad
parent369f9c88158f0a07ed9be067a8ba8deba8659cca [diff]
Fix use-after-free bug in FuseDaemon

The FuseDaemon periodically runs fadvise on the lower file system to
avoid double caching. As part of 'recording' the write for the fadvise
queue we sometimes raced and had the following ordering of events:

T1: fuse_reply_write
T2: pf_release (destroy handle)
T1: Record (using already destroyed handle)

Now we, call Record before fuse_reply_write

Test: Manual
Bug: 192085766
Bug: 195615818
Change-Id: Iba7598d40aa03d082af10935552ac7db7e28c5b6
1 file changed
tree: b0a40b24e9c801236b0b658993ad1213d1ebd1ad
  1. apex/
  2. errorprone/
  3. jni/
  4. legacy/
  5. res/
  6. src/
  7. tests/
  8. tools/
  9. .clang-format
  10. Android.bp
  11. AndroidManifest.xml
  12. CleanSpec.mk
  13. deploy.sh
  14. gen_strings.py
  15. lint-baseline.xml
  16. logging.sh
  17. NOTICE
  18. OWNERS
  19. preinstalled-packages-com.android.providers.media.module.xml
  20. PREUPLOAD.cfg
  21. proguard.flags
  22. sqlite3.sh
  23. TEST_MAPPING
  24. trace.sh
  25. transcode.sh