Fix use-after-free issue

 - [As Is] g_ptr_array_remove_index_fast() is removed, but the element is reached
 - [To Be] Set the value of element flag before g_ptr_array_remove_index_fast()

Change-Id: If6b9c77987bb2ccf5ba317e9e57b27fe25c3f73c
(cherry picked from commit 649f45a9b612ad98886df3b8ced00d21b06edcb7)

diff --git a/packaging/mm-resource-manager.spec b/packaging/mm-resource-manager.spec
index 37f66e60aaa7de0725b12c947b47309a5f6405a6..9a7160e17afeaf62f5e65e70d0127c9082c0ada6 100644 (file)
--- a/packaging/mm-resource-manager.spec
+++ b/packaging/mm-resource-manager.spec
@@ -1,6 +1,6 @@
 Name:       mm-resource-manager
 Summary:    A Multimedia Resource Manager API
-Version:    0.2.48
+Version:    0.2.49
 Release:    0
 Group:      Multimedia/API
 License:    Apache-2.0

diff --git a/src/lib/mm_resource_manager_priv.c b/src/lib/mm_resource_manager_priv.c
index 64b52a3fbf7d90855f79e0bb391c75ce0d5bc5d5..c2d260226d9e77e96cb2e49c6d78ed5c45a99e46 100644 (file)
--- a/src/lib/mm_resource_manager_priv.c
+++ b/src/lib/mm_resource_manager_priv.c
@@ -1041,8 +1041,8 @@ static int __dbus_commit(mm_resource_manager_s *handle)
                                resource->is_acquire_failed = FALSE;
                                break;
                        case MM_RESOURCE_MANAGER_RES_STATE_FOR_RELEASE:
-                               g_ptr_array_remove_index_fast(handle->resources, i--);
                                handle->is_release_marked[resource->type] = FALSE;
+                               g_ptr_array_remove_index_fast(handle->resources, i--);
                                break;
                        default:
                                break;