health: Check return value of LinkedCallback::Make. If LinkedCallback::Make returns nullptr, do not put it in Health::callback_. Otherwise, OnHealthInfoChanged crashes later because the linked callback objects are not null checked before accessing. Test: android.hardware.health-service.aidl_fuzzer (with a special corpus) Fixes: 289599278 Change-Id: I8bad41dbcfbefeb54744059baffd4eef1ae7ec42

commit: 70197263f0bfba33e8d8f17b9cad7e748b966b82 [log] [tgz]
author: Yifan Hong <elsk@google.com> Thu Jul 06 17:08:41 2023 -0700
committer: Yifan Hong <elsk@google.com> Thu Jul 06 17:46:25 2023 -0700
tree: bdbb72bad1f0d2fda6ea9ca1dceed935f7740ca3
parent: 099240ae6690e953bfffa536b7958c2cb1d5a4c2 [diff] [blame]
diff --git a/health/aidl/default/Health.cpp b/health/aidl/default/Health.cpp
index f401643..1d8cc13 100644
--- a/health/aidl/default/Health.cpp
+++ b/health/aidl/default/Health.cpp

@@ -272,7 +272,11 @@
 
     {
         std::lock_guard<decltype(callbacks_lock_)> lock(callbacks_lock_);
-        callbacks_.emplace_back(LinkedCallback::Make(ref<Health>(), callback));
+        auto linked_callback_result = LinkedCallback::Make(ref<Health>(), callback);
+        if (!linked_callback_result.ok()) {
+            return ndk::ScopedAStatus::fromStatus(-linked_callback_result.error().code());
+        }
+        callbacks_.emplace_back(std::move(*linked_callback_result));
         // unlock
     }
commit	70197263f0bfba33e8d8f17b9cad7e748b966b82	[log] [tgz]
author	Yifan Hong <elsk@google.com>	Thu Jul 06 17:08:41 2023 -0700
committer	Yifan Hong <elsk@google.com>	Thu Jul 06 17:46:25 2023 -0700
tree	bdbb72bad1f0d2fda6ea9ca1dceed935f7740ca3
parent	099240ae6690e953bfffa536b7958c2cb1d5a4c2 [diff] [blame]