Thank you for letting us know about the issue, Jann. I will work on a
fix and send out the same for review once ready.
Regards,
Hridya
On Mon, Oct 7, 2019 at 2:04 PM Todd Kjos wrote:
>
> +Hridya Valsaraju
>
>
> On Mon, Oct 7, 2019 at 1:50 PM Jann Horn wrote:
> >
> > Hi!
> >
> > There is a

On Mon, Oct 07, 2019 at 10:49:57PM +0200, Jann Horn wrote:
> Hi!
>
> There is a use-after-free read in print_binder_transaction_log_entry()
> on ANDROID_BINDERFS kernels because
> print_binder_transaction_log_entry() prints the char* e->context_name
> as string, and if the transaction occurred on

+Hridya Valsaraju
On Mon, Oct 7, 2019 at 1:50 PM Jann Horn wrote:
>
> Hi!
>
> There is a use-after-free read in print_binder_transaction_log_entry()
> on ANDROID_BINDERFS kernels because
> print_binder_transaction_log_entry() prints the char* e->context_name
> as string, and if the transaction

Hi!
There is a use-after-free read in print_binder_transaction_log_entry()
on ANDROID_BINDERFS kernels because
print_binder_transaction_log_entry() prints the char* e->context_name
as string, and if the transaction occurred on a binder device from
binderfs, e->context_name belongs to the binder