Fix use-after-free issue

 - [As Is] g_ptr_array_remove_index_fast() is removed, but the element is reached
 - [To Be] Set the value of element flag before g_ptr_array_remove_index_fast()

Change-Id: If6b9c77987bb2ccf5ba317e9e57b27fe25c3f73c

diff --git a/packaging/mm-resource-manager.spec b/packaging/mm-resource-manager.spec
index 37f66e6..9a7160e 100644 (file)
--- a/packaging/mm-resource-manager.spec
+++ b/packaging/mm-resource-manager.spec
@@ -1,6 +1,6 @@
 Name:       mm-resource-manager
 Summary:    A Multimedia Resource Manager API
-Version:    0.2.48
+Version:    0.2.49
 Release:    0
 Group:      Multimedia/API
 License:    Apache-2.0

diff --git a/src/lib/mm_resource_manager_priv.c b/src/lib/mm_resource_manager_priv.c
index 64b52a3..c2d2602 100644 (file)
--- a/src/lib/mm_resource_manager_priv.c
+++ b/src/lib/mm_resource_manager_priv.c
@@ -1041,8 +1041,8 @@ static int __dbus_commit(mm_resource_manager_s *handle)
                                resource->is_acquire_failed = FALSE;
                                break;
                        case MM_RESOURCE_MANAGER_RES_STATE_FOR_RELEASE:
-                               g_ptr_array_remove_index_fast(handle->resources, i--);
                                handle->is_release_marked[resource->type] = FALSE;
+                               g_ptr_array_remove_index_fast(handle->resources, i--);
                                break;
                        default:
                                break;