Skip to content
Snippets Groups Projects
Commit e541d97f authored by Satyanarayana Dash's avatar Satyanarayana Dash
Browse files

ANDROID: qtaguid: Fix the UAF probelm with tag_ref_tree 


When multiple threads is trying to tag/delete the same socket at the
same time, there is a chance the tag_ref_entry of the target socket to
be null before the uid_tag_data entry is freed. It is caused by the
ctrl_cmd_tag function where it doesn't correctly grab the spinlocks
when tagging a socket.

Signed-off-by: default avatarChenbo Feng <fengc@google.com>
Bug: 65853158
Change-Id: I5d89885918054cf835370a52bff2d693362ac5f0
Signed-off-by: default avatarSatyanarayana Dash <sadash@codeaurora.org>
parent 045d9cc0
Branches
Tags
No related merge requests found
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment