aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTao Bao2017-04-17 12:44:00 -0500
committerTao Bao2017-04-17 17:59:10 -0500
commit99c549db74ea697136820cf4bdca8a486747f569 (patch)
tree20a7e0177ce772f84c4f8f7d0ccd80f595958155 /install.cpp
parent7fdcb19e10528afd1cd0a80fa2efa51e5e6e3aba (diff)
downloadplatform-bootable-recovery-99c549db74ea697136820cf4bdca8a486747f569.tar.gz
platform-bootable-recovery-99c549db74ea697136820cf4bdca8a486747f569.tar.xz
platform-bootable-recovery-99c549db74ea697136820cf4bdca8a486747f569.zip
Fix the double free in verify_package_compatibility().
""" void* cookie; std::unique_ptr<void, decltype(&EndIteration)> guard(cookie, EndIteration); ... EndIteration(cookie); """ The above pattern is buggy that frees 'cookie' twice. Bug: 37413730 Test: Build new recovery and adb sideload a previously crashed package that contains 'compatibility.zip'. Change-Id: I183c33827fb28a438ebaedda446e84cabe7cb92d (cherry picked from commit f978278995d02a58e311fe017bdbb2c3702dd3bc)
Diffstat (limited to 'install.cpp')
-rw-r--r--install.cpp1
1 files changed, 0 insertions, 1 deletions
diff --git a/install.cpp b/install.cpp
index b4b869b9..6dcd3565 100644
--- a/install.cpp
+++ b/install.cpp
@@ -544,7 +544,6 @@ bool verify_package_compatibility(ZipArchiveHandle package_zip) {
544 } 544 }
545 compatibility_info.emplace_back(std::move(content)); 545 compatibility_info.emplace_back(std::move(content));
546 } 546 }
547 EndIteration(cookie);
548 CloseArchive(zip_handle); 547 CloseArchive(zip_handle);
549 548
550 // TODO(b/36814503): Enable the actual verification when VintfObject::CheckCompatibility() lands. 549 // TODO(b/36814503): Enable the actual verification when VintfObject::CheckCompatibility() lands.