commit | ecfd2147f58b401dc72a2c7eee86f235c22c0362 | [log] [tgz] |
---|---|---|
author | Eino-Ville Talvala <etalvala@google.com> | Wed Feb 01 15:27:41 2017 -0800 |
committer | Teemu Hukkanen <teemu@fairphone.com> | Sun Apr 23 19:57:05 2017 +0200 |
tree | 0aa5855b05016a3e1f0854e604d829526e1ee31a | |
parent | 2611ce8d9859ef58fb98dd70be314b5de28d4afb [diff] |
FPII-2918 :Elevation of privilege vulnerability in CameraBase CVE-2017-0544 A-31992879 CameraBase: Don't return an sp<> by reference If the server dies, the binder death callback clears out the global camera service sp<>, and any current references to it will become quite unhappy. Test: Camera CTS passes Bug: 31992879 Change-Id: I2966bed35d0319e3f26e3d4b1b8dc08006a22348 (cherry picked from commit 4b49489c12e6862e9a320ebcb53872e809ed20ec)