From 2edb286ec41a42855b6ea25aa01ada90e8b2b64d Mon Sep 17 00:00:00 2001
From: Hajime Hoshi
Date: Sun, 16 May 2021 02:20:58 +0900
Subject: [PATCH] audio/internal/oboe: Bug fix: Use-after-free of a player

In theory, a closed player was used unexpectedly by these steps:

1. Suspend is called by switching the application
2. Player_Close is called
3. Resume is called by reactivating the application

The set of GetPlayersToResume() had a closed player, and trying to play it caused the use-after-free problem. This change fixes the issue by removing the player from the set of GetPlayerToResume() when closing it. The iOS version already has the logic to remove the player appropriately.

Updates #1645
Closes #1646

---
audio/internal/oboe/binding_android.cpp | 1 +
1 file changed, 1 insertion(+)

diff --git a/audio/internal/oboe/binding_android.cpp b/audio/internal/oboe/binding_android.cpp index cc3f3879a..f225a2a50 100644 --- a/audio/internal/oboe/binding_android.cpp +++ b/audio/internal/oboe/binding_android.cpp @@ -141,6 +141,7 @@ public: std::lock_guard lock(PlayersMutex()); const char* msg = Close(); GetPlayers().erase(this); + GetPlayersToResume().erase(this); return msg; }
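Review bot: the added `GetPlayersToResume().erase(this);` sits inside the same `std::lock_guard lock(PlayersMutex());` scope as `GetPlayers().erase(this);`, which closes the suspend/close/resume window described in the message only if the Resume path also takes PlayersMutex() while it walks GetPlayersToResume(); that caller is not in this hunk, so it should be confirmed in review, since an unlocked iteration would still race against this erase. Since both sets hold raw `this` pointers, a one-line comment next to the two `erase` calls stating that a player must be removed from every registry before its destructor can run would make the invariant explicit for the next reader, and a regression test that drives the Suspend, Player_Close, Resume sequence from the description would keep it from regressing on Android the way the iOS version was already guarded.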