Fixed dangling pointer issue in CdmInfo.

[ Cherry-pick of http://ag/34331848 ]
[ Merge of http://go/wvgerrit/224951 ]

There was a potential dangling pointer issue that was enabled
by how CdmInfo is initialized.  The file system that was passed
into the CdmEngine instance was pointing to a location in memory
that was not stable between move operations in the CdmInfo.
See b/429054262 for memory diagram of issue.

The CdmInfo is a private class within the Android CDM class, which
restricts the potential operations on it.  The easiest solution
is to wrap the file system in a unique pointer, ensuring the pointer
remains stable even if a particular data segment of CdmInfo is
moved.

The default constructor for CdmInfo is deleted; this will force the
compiler to fail if |cdms_| is used in ways that would result in
uninitialized pointers.

Bug: 429054262
Test: WvTs on Komodo
Change-Id: I76a49fc5181ebd1613e238aa49986083a9f397ec
(cherry picked from commit 4c105faa4923bd9bd6352f757dedf3eaf9ed88fd)
Alex Dale
2025-07-02 14:42:52 -07:00
parent e2fba86327
commit d7eab65c8c
2 changed files with 61 additions and 22 deletions

@@ -299,11 +299,29 @@ class WvContentDecryptionModule : public android::RefBase, public TimerHandler {
const std::string& signature);
private:
struct CdmInfo {
CdmInfo();
class CdmInfo {
public:
// This should never be used.
CdmInfo() = delete;
// It is expected that the filesystem loaded into |cdm_engine|
// is the same instance as |file_system|.
CdmInfo(std::unique_ptr<wvutil::FileSystem>&& file_system,
std::unique_ptr<CdmEngine>&& cdm_engine);
// No copy operators.
CdmInfo(const CdmInfo&) = delete;
CdmInfo& operator=(const CdmInfo&) = delete;
// Move operators OK.
CdmInfo(CdmInfo&&) = default;
CdmInfo& operator==(CdmInfo&& other);
wvutil::FileSystem file_system;
std::unique_ptr<CdmEngine> cdm_engine;
wvutil::FileSystem* file_system() { return file_system_.get(); }
CdmEngine* cdm_engine() { return cdm_engine_.get(); }
private:
// Order matters, |cdm_engine_| is expected to contain a pointer
// to |file_system_|.
std::unique_ptr<wvutil::FileSystem> file_system_;
std::unique_ptr<CdmEngine> cdm_engine_;
};
// Finds the CdmEngine instance for the given identifier, creating one if
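Review bot: Under the "Move operators OK." comment, `CdmInfo& operator==(CdmInfo&& other);` declares an equality operator, not move assignment; this looks like a typo for `operator=`. As written, copy assignment is deleted and the move constructor is user-declared, so no move assignment is generated and `a = std::move(b)` will not compile, which contradicts the comment. Suggest `CdmInfo& operator=(CdmInfo&& other);`, and have its definition release the destination's |cdm_engine_| before replacing |file_system_|: the "Order matters" comment says the engine holds a pointer to the file system, and a member-wise move assignment in declaration order would free the old file system while the old engine still refers to it. Separately, the constructor comment states that |cdm_engine| is expected to have been loaded with the same |file_system| instance, but nothing in this declaration enforces that; a single factory that builds both, or a check in the constructor, would keep the invariant from depending on every caller.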