commit 26410152e99af538242acd11472d045890d9611d
author Yu Shan <shanyu@google.com> Thu Jan 02 11:39:44 2025 -0800
committer Yu Shan <shanyu@google.com> Thu Jan 02 11:41:51 2025 -0800
tree 49ae0f343bc16ab7b47752341631e0fb274d1472
parent 6ba2617f40dad80cad0cce8d62d0fcb3c1b13dd6

Fix invalid memory access in DefaultVehicleHal.

We should not return a pointer that points to a local variable. Use
copy instead.

Flag: EXEMPT HAL
Test: atest DefaultVehicleHalTest
Bug: 386897768
Change-Id: I61e086b41d64ffde2555d7442009854977c152f9

automotive/vehicle/aidl/impl/current/vhal/include/DefaultVehicleHal.h

diff --git a/automotive/vehicle/aidl/impl/current/vhal/include/DefaultVehicleHal.h b/automotive/vehicle/aidl/impl/current/vhal/include/DefaultVehicleHal.h
index 8785bcd..02dbe9e 100644
--- a/automotive/vehicle/aidl/impl/current/vhal/include/DefaultVehicleHal.h
+++ b/automotive/vehicle/aidl/impl/current/vhal/include/DefaultVehicleHal.h
@@ -233,9 +233,9 @@
             std::function<void(const std::unordered_map<int32_t, aidlvhal::VehiclePropConfig>&)>
                     callback) const EXCLUDES(mConfigLock);
 
-    android::base::Result<const aidlvhal::VehicleAreaConfig*> getAreaConfigForPropIdAreaId(
+    android::base::Result<aidlvhal::VehicleAreaConfig> getAreaConfigForPropIdAreaId(
             int32_t propId, int32_t areaId) const;
-    android::base::Result<const aidlvhal::HasSupportedValueInfo*> getHasSupportedValueInfo(
+    android::base::Result<aidlvhal::HasSupportedValueInfo> getHasSupportedValueInfo(
             int32_t propId, int32_t areaId) const;
     // Puts the property change events into a queue so that they can handled in batch.
     static void batchPropertyChangeEvent(

automotive/vehicle/aidl/impl/current/vhal/src/DefaultVehicleHal.cpp

diff --git a/automotive/vehicle/aidl/impl/current/vhal/src/DefaultVehicleHal.cpp b/automotive/vehicle/aidl/impl/current/vhal/src/DefaultVehicleHal.cpp
index 9073d85..25af50e 100644
--- a/automotive/vehicle/aidl/impl/current/vhal/src/DefaultVehicleHal.cpp
+++ b/automotive/vehicle/aidl/impl/current/vhal/src/DefaultVehicleHal.cpp
@@ -969,8 +969,8 @@
     return ScopedAStatus::ok();
 }
 
-Result<const VehicleAreaConfig*> DefaultVehicleHal::getAreaConfigForPropIdAreaId(
-        int32_t propId, int32_t areaId) const {
+Result<VehicleAreaConfig> DefaultVehicleHal::getAreaConfigForPropIdAreaId(int32_t propId,
+                                                                          int32_t areaId) const {
     auto result = getConfig(propId);
     if (!result.ok()) {
         return Error() << "Failed to get property config for propertyId: " << propIdToString(propId)
@@ -982,12 +982,12 @@
         return Error() << "AreaId config not found for propertyId: " << propIdToString(propId)
                        << ", areaId: " << areaId;
     }
-    return areaConfig;
+    return *areaConfig;
 }
 
-Result<const HasSupportedValueInfo*> DefaultVehicleHal::getHasSupportedValueInfo(
-        int32_t propId, int32_t areaId) const {
-    Result<const VehicleAreaConfig*> propIdAreaIdConfigResult =
+Result<HasSupportedValueInfo> DefaultVehicleHal::getHasSupportedValueInfo(int32_t propId,
+                                                                          int32_t areaId) const {
+    Result<VehicleAreaConfig> propIdAreaIdConfigResult =
             getAreaConfigForPropIdAreaId(propId, areaId);
     if (!isGlobalProp(propId) && !propIdAreaIdConfigResult.ok()) {
         // For global property, it is possible that no config exists.
@@ -995,8 +995,8 @@
     }
     if (propIdAreaIdConfigResult.has_value()) {
         auto areaConfig = propIdAreaIdConfigResult.value();
-        if (areaConfig->hasSupportedValueInfo.has_value()) {
-            return &(areaConfig->hasSupportedValueInfo.value());
+        if (areaConfig.hasSupportedValueInfo.has_value()) {
+            return areaConfig.hasSupportedValueInfo.value();
         }
     }
     return Error() << "property: " << propIdToString(propId) << ", areaId: " << areaId
@@ -1023,7 +1023,7 @@
             continue;
         }
 
-        const auto& hasSupportedValueInfo = *(hasSupportedValueInfoResult.value());
+        const auto& hasSupportedValueInfo = hasSupportedValueInfoResult.value();
         if (hasSupportedValueInfo.hasSupportedValuesList) {
             toHardwarePropIdAreaIds.push_back(PropIdAreaId{.propId = propId, .areaId = areaId});
             toHardwareRequestCounters.push_back(requestCounter);
@@ -1084,7 +1084,7 @@
             continue;
         }
 
-        const auto& hasSupportedValueInfo = *(hasSupportedValueInfoResult.value());
+        const auto& hasSupportedValueInfo = hasSupportedValueInfoResult.value();
         if (hasSupportedValueInfo.hasMinSupportedValue ||
             hasSupportedValueInfo.hasMaxSupportedValue) {
             toHardwarePropIdAreaIds.push_back(PropIdAreaId{.propId = propId, .areaId = areaId});
@@ -1140,7 +1140,7 @@
                   hasSupportedValueInfoResult.error().message().c_str());
             return toScopedAStatus(hasSupportedValueInfoResult, StatusCode::INVALID_ARG);
         }
-        const auto& hasSupportedValueInfo = *(hasSupportedValueInfoResult.value());
+        const auto& hasSupportedValueInfo = hasSupportedValueInfoResult.value();
         if (!hasSupportedValueInfo.hasMinSupportedValue &&
             !hasSupportedValueInfo.hasMaxSupportedValue &&
             !hasSupportedValueInfo.hasSupportedValuesList) {