Audio HAL: Fix UAF if the effect is removed after close
Effect::close in V6 releases the underlying HAL effect.
It was not removing the effect entry from the effects
map, thus a call to Stream::removeEffect was retrieving
a stale handle.
Bug: 145656878
Test: start and stop recording for VOICE_COMMUNICATION
Change-Id: I47f486d3b6b4b0dc29acd1e3a2093e421b28d90b
diff --git a/audio/effect/all-versions/default/Effect.cpp b/audio/effect/all-versions/default/Effect.cpp
index 0afa779..33ec996 100644
--- a/audio/effect/all-versions/default/Effect.cpp
+++ b/audio/effect/all-versions/default/Effect.cpp
@@ -713,7 +713,10 @@
#elif MAJOR_VERSION >= 6
// No need to join the processing thread, it is part of the API contract that the client
// must finish processing before closing the effect.
- return analyzeStatus("EffectRelease", "", sContextCallFunction, EffectRelease(mHandle));
+ Result retval =
+ analyzeStatus("EffectRelease", "", sContextCallFunction, EffectRelease(mHandle));
+ EffectMap::getInstance().remove(mHandle);
+ return retval;
#endif
}