Fix UAF in metrics summarizer code ASAN tools found an instance of holding a reference to a variable that had gone out of scope, resulting in a use-after-free. This code changes the constructs around a little and ensures that the reference does not outlive the variable's scope. Re-scanned other code added at the same time, but did not find any other similar scoping issues. Bug: 37276863 Test: boot and execute; no ASAN re-test

commit: de000859656a99c35a08cc62f255f3db1d463716 [log] [tgz]
author: Ray Essick <essick@google.com> Thu Apr 13 10:16:25 2017 -0700
committer: Ray Essick <essick@google.com> Thu Apr 13 10:16:25 2017 -0700
tree: a2f9572a36f6a408fb3c2e136bdf91f171ef7501
parent: e61d039902da4c7ea0efffa620ddd35097566a25 [diff]
diff --git a/services/mediaanalytics/MetricsSummarizer.cpp b/services/mediaanalytics/MetricsSummarizer.cpp
index fc8f594..3477f1f 100644
--- a/services/mediaanalytics/MetricsSummarizer.cpp
+++ b/services/mediaanalytics/MetricsSummarizer.cpp

@@ -85,16 +85,12 @@
 // should the record be given to this summarizer
 bool MetricsSummarizer::isMine(MediaAnalyticsItem &item)
 {
-    const char *incoming = item.getKey().c_str();
-    if (incoming == NULL) {
-        incoming = "unspecified";
-    }
     if (mKey == NULL)
         return true;
-    if (strcmp(mKey, incoming) != 0) {
+    AString itemKey = item.getKey();
+    if (strcmp(mKey, itemKey.c_str()) != 0) {
         return false;
     }
-    // since nothing failed....
     return true;
 }
commit	de000859656a99c35a08cc62f255f3db1d463716	[log] [tgz]
author	Ray Essick <essick@google.com>	Thu Apr 13 10:16:25 2017 -0700
committer	Ray Essick <essick@google.com>	Thu Apr 13 10:16:25 2017 -0700
tree	a2f9572a36f6a408fb3c2e136bdf91f171ef7501
parent	e61d039902da4c7ea0efffa620ddd35097566a25 [diff]