Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PD#156601: security: fix security issue CVE-2017-13216
staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl A lock-unlock is missing in ASHMEM_SET_SIZE ioctl which can result in a race condition when mmap is called. After the !asma->file check, before setting asma->size, asma->file can be set in mmap. That would result in having different asma->size than the mapped memory size. Combined with ASHMEM_UNPIN ioctl and shrinker invocation, this can result in memory corruption. Bug: 66954097 Signed-off-by: Viktor Slavkovic <[email protected]> Change-Id: I268225133f96fde0fadd1ec621aafef27d392d65 Signed-off-by: Ao Xu <[email protected]>
- Loading branch information