From 9ef039824f1ad837c6a8eb1ab5a0d387e1d3fa04 Mon Sep 17 00:00:00 2001
From: pumahsu <pumahsu@google.com>
Date: Mon, 14 Oct 2019 17:34:39 +0800
Subject: [PATCH] Prevent null vector accessing in USB HAL

If getPortStatusHelper() failed to allocate currentPortStatus_1_2 size,
it should not access this vector, otherwise it would cause crash.

Bug: 142366879
Test: try to adb root and re-connect USB
Change-Id: I0d0d9cd1dccd646ce270b562f2922da15338bfc1
Signed-off-by: pumahsu <pumahsu@google.com>
---
 usb/Usb.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/usb/Usb.cpp b/usb/Usb.cpp
index af821914..474c3beb 100644
--- a/usb/Usb.cpp
+++ b/usb/Usb.cpp
@@ -97,6 +97,11 @@ int32_t writeFile(const std::string &filename, const std::string &contents) {
 Status queryMoistureDetectionStatus(hidl_vec<PortStatus> *currentPortStatus_1_2) {
     std::string enabled, status;
 
+    if (currentPortStatus_1_2 == NULL || currentPortStatus_1_2->size() == 0) {
+        ALOGE("currentPortStatus_1_2 is not available");
+        return Status::ERROR;
+    }
+
     (*currentPortStatus_1_2)[0].supportedContaminantProtectionModes = 0;
     (*currentPortStatus_1_2)[0].supportedContaminantProtectionModes |=
         ContaminantProtectionMode::FORCE_SINK;
@@ -564,7 +569,8 @@ void queryVersionHelper(android::hardware::usb::V1_2::implementation::Usb *usb,
     if (usb->mCallback_1_0 != NULL) {
         if (callback_V1_2 != NULL) {
             status = getPortStatusHelper(currentPortStatus_1_2, HALVersion::V1_2);
-            queryMoistureDetectionStatus(currentPortStatus_1_2);
+            if (status == Status::SUCCESS)
+                queryMoistureDetectionStatus(currentPortStatus_1_2);
         } else if (callback_V1_1 != NULL) {
             status = getPortStatusHelper(currentPortStatus_1_2, HALVersion::V1_1);
             currentPortStatus_1_1.resize(currentPortStatus_1_2->size());