[securemem] Fix for use-after scope bug in SetPhysicalSecureHeaps
The fit::defer is run after response goes out of scope (because of C++
destructor invocation order).
Fixed: 48997
Change-Id: Idce68a6cb08668cc49fc349c218e7394c9f67279
diff --git a/src/devices/securemem/drivers/aml-securemem/sysmem-secure-mem-server.cc b/src/devices/securemem/drivers/aml-securemem/sysmem-secure-mem-server.cc
index bcab508..d3c6c3b 100644
--- a/src/devices/securemem/drivers/aml-securemem/sysmem-secure-mem-server.cc
+++ b/src/devices/securemem/drivers/aml-securemem/sysmem-secure-mem-server.cc
@@ -115,22 +115,17 @@
llcpp::fuchsia::sysmem::SecureMem::Interface::SetPhysicalSecureHeapsCompleter::Sync completer) {
ZX_DEBUG_ASSERT(thrd_current() == loop_thread_);
// must out-live |complete|
- fidl::aligned<llcpp::fuchsia::sysmem::SecureMem_SetPhysicalSecureHeaps_Response> response;
- // must out-live |complete|
llcpp::fuchsia::sysmem::SecureMem_SetPhysicalSecureHeaps_Result result;
- // ~complete before ~result or ~response
- auto complete = fit::defer([&completer, &result] {
- ZX_DEBUG_ASSERT(!result.has_invalid_tag());
- completer.Reply(std::move(result));
- });
zx_status_t status = SetPhysicalSecureHeapsInternal(heaps);
if (status != ZX_OK) {
LOG(ERROR, "SetPhysicalSecureHeapsInternal() failed - status: %d", status);
result.set_err(fidl::unowned_ptr(&status));
return;
}
+ fidl::aligned<llcpp::fuchsia::sysmem::SecureMem_SetPhysicalSecureHeaps_Response> response;
result.set_response(fidl::unowned_ptr(&response));
- // ~complete, ~result, ~response in that order
+ ZX_DEBUG_ASSERT(!result.has_invalid_tag());
+ completer.Reply(std::move(result));
}
void SysmemSecureMemServer::PostToLoop(fit::closure to_run) {
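Review bot: The error branch no longer sends a reply: with the `fit::defer` removed, the `if (status != ZX_OK)` path calls `result.set_err(fidl::unowned_ptr(&status));` and then `return;`, so `completer.Reply` is never reached on failure. Add `completer.Reply(std::move(result));` just before that `return;`, while `status` is still in scope, so the caller learns that secure heap setup failed; without it the client gets no response, and the completer may assert on destruction if it checks for a pending reply (not confirmable from this hunk). The retained comment `// must out-live |complete|` above `result` is stale now that `complete` is gone; drop it or reword it to `// |status| and |response| must out-live the Reply() call`. The function's signature begins above the hunk, so this reading covers only the visible body.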