gralloc: avoid Null pointer dereference.
- getMetaData checks for Null param and returns error. It may lead to
Null pointer dereference in getMapSecureBufferFlag and getInterlacedFlag.
Change-Id: Ic6ae66198ba01c50b6f30086fcc35f2cf39cfb69
diff --git a/gralloc/QtiMapper.cpp b/gralloc/QtiMapper.cpp
index dc1b40c..dba446a 100644
--- a/gralloc/QtiMapper.cpp
+++ b/gralloc/QtiMapper.cpp
@@ -266,30 +266,30 @@
Return<void> QtiMapper::getMapSecureBufferFlag(void *buffer, getMapSecureBufferFlag_cb hidl_cb) {
auto err = Error::BAD_BUFFER;
auto hnd = static_cast<private_handle_t *>(buffer);
- int *map_secure_buffer = 0;
+ int map_secure_buffer = 0;
if (buffer != nullptr && private_handle_t::validate(hnd) == 0) {
- if (getMetaData(hnd, GET_MAP_SECURE_BUFFER, map_secure_buffer) != 0) {
- *map_secure_buffer = 0;
+ if (getMetaData(hnd, GET_MAP_SECURE_BUFFER, &map_secure_buffer) != 0) {
+ map_secure_buffer = 0;
} else {
err = Error::NONE;
}
}
- hidl_cb(err, *map_secure_buffer != 0);
+ hidl_cb(err, map_secure_buffer != 0);
return Void();
}
Return<void> QtiMapper::getInterlacedFlag(void *buffer, getInterlacedFlag_cb hidl_cb) {
auto err = Error::BAD_BUFFER;
auto hnd = static_cast<private_handle_t *>(buffer);
- int *interlaced_flag = nullptr;
+ int interlaced_flag = 0;
if (buffer != nullptr && private_handle_t::validate(hnd) == 0) {
- if (getMetaData(hnd, GET_PP_PARAM_INTERLACED, interlaced_flag) != 0) {
- *interlaced_flag = 0;
+ if (getMetaData(hnd, GET_PP_PARAM_INTERLACED, &interlaced_flag) != 0) {
+ interlaced_flag = 0;
} else {
err = Error::NONE;
}
}
- hidl_cb(err, *interlaced_flag != 0);
+ hidl_cb(err, interlaced_flag != 0);
return Void();
}