From 77bb1dbf1a13d87afe3c29e5f036e260e17d5e50 Mon Sep 17 00:00:00 2001
From: Eric Laurent
Date: Thu, 3 Dec 2015 18:52:10 -0800
Subject: post proc : volume listener : fix effect release crash
Fix access to deleted effect context in vol_prc_lib_release()
Bug: 25753245.
Change-Id: I64ca99e4d5d09667be4c8c605f66700b9ae67949
(cherry picked from commit 93ab6fdda7b7557ccb34372670c30fa6178f8426)
(cherry picked from commit ebbb82365172337c6c250c6cac4e326970a9e351)
---
post_proc/volume_listener.c | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/post_proc/volume_listener.c b/post_proc/volume_listener.c
index e1dd0261..7b602488 100644
--- a/post_proc/volume_listener.c
+++ b/post_proc/volume_listener.c
@@ -697,24 +697,31 @@ static int vol_prc_lib_release(effect_handle_t handle)
 struct listnode *node = NULL;
 vol_listener_context_t *context = NULL;
 vol_listener_context_t *recv_contex = (vol_listener_context_t *)handle;
- int status = -1;
+ int status = -EINVAL;
 bool recompute_flag = false;
 int active_stream_count = 0;
+ uint32_t session_id;
+ uint32_t stream_type;
+ effect_uuid_t uuid;
+
 ALOGV("%s context %p", __func__, handle);
- if (recv_contex == NULL || recv_contex->desc == NULL) {
- ALOGE("%s: Got invalid handle while release, DO NOTHING ", __func__);
+
+ if (recv_contex == NULL) {
 return status;
 }
-
 pthread_mutex_lock(&vol_listner_init_lock);
+ session_id = recv_contex->session_id;
+ stream_type = recv_contex->stream_type;
+ uuid = recv_contex->desc->uuid;
 // check if the handle/context provided is valid
 list_for_each(node, &vol_effect_list) {
 context = node_to_item(node, struct vol_listener_context_s, effect_list_node);
- if ((memcmp(&(context->desc->uuid), &(recv_contex->desc->uuid), sizeof(effect_uuid_t)) == 0)
- && (context->session_id == recv_contex->session_id)
- && (context->stream_type == recv_contex->stream_type)) {
+ if ((memcmp(&(context->desc->uuid), &uuid, sizeof(effect_uuid_t)) == 0)
+ && (context->session_id == session_id)
+ && (context->stream_type == stream_type)) {
 ALOGV("--- Found something to remove ---");
+ list_remove(node);
 PRINT_STREAM_TYPE(context->stream_type);
 if (context->dev_id == AUDIO_DEVICE_OUT_SPEAKER) {
 recompute_flag = true;
@@ -730,6 +737,8 @@ static int vol_prc_lib_release(effect_handle_t handle)
 if (status != 0) {
 ALOGE("something wrong ... <<<--- Found NOTHING to remove ... ???? --->>>>>");
+ pthread_mutex_unlock(&vol_listner_init_lock);
+ return status;
 }
 // if there are no active streams, reset cal and volume level
-- cgit v1.2.3
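Review bot: `uuid = recv_contex->desc->uuid;` dereferences `desc` with no check, because the guard before it was narrowed to `recv_contex == NULL`; a context with a NULL `desc` now faults here instead of returning `-EINVAL`, so I would keep `if (recv_contex == NULL || recv_contex->desc == NULL) return status;`. The three copies also still read through the caller's handle before the list walk has confirmed it is a live entry, so a handle that an earlier release already freed would be read after free; matching on `context == recv_contex` inside the loop would validate the handle without dereferencing it. `list_remove(node)` now runs inside `list_for_each`, and the rest of the loop body lies outside this hunk: if it frees `context`, the iterator's next step reads `node->next` from freed memory, which `list_for_each_safe` or a `break` after the removal would avoid.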
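Review bot: The error log on this path, `ALOGE("something wrong ... <<<--- Found NOTHING to remove ... ???? --->>>>>")`, names neither the function nor the handle, so a release of an unknown or stale handle cannot be tied to a session from the log. Something like `ALOGE("%s: no context for session %u stream %u", __func__, session_id, stream_type);` would use the values the first hunk already copies. The added `pthread_mutex_unlock` plus `return` is a second exit that has to stay in step with the function's normal unlock, which is outside this hunk; a single `goto exit` label would keep the lock release in one place.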