016d61094b
use-after-free.
__wake_oom_reaper() is supposed to be called after get_task_struct()
and oom_reap_task() will later drop that reference. Therefore
add_to_oom_reaper() should not drop the reference count itself,
unless someone else already queued the same task for reaping.
Bug: 265591293
Fixes: 561fe20b66 ("ANDROID: signal: Add vendor hook for memory reaping")
Change-Id: I4ed7f4bbac46552671de76aa1a212bec8b35144c
Signed-off-by: Hailong.Liu <liuhailong@oppo.com>
34 KiB
34 KiB