From 11ad1b8bec5f8daa10ec023153e95eba46a4fbff Mon Sep 17 00:00:00 2001
From: Chong Zhang <chz@google.com>
Date: Tue, 19 May 2015 10:56:40 -0700
Subject: stagefright: don't use stale pointer after disconnecting
 NuCachedSource2

bug: 20858729
Change-Id: I7d680accb43a4aa08620acd96659b97e80d1a5e8
---
 media/libstagefright/NuCachedSource2.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/media/libstagefright/NuCachedSource2.cpp b/media/libstagefright/NuCachedSource2.cpp
index 1c53b40..f82636b 100644
--- a/media/libstagefright/NuCachedSource2.cpp
+++ b/media/libstagefright/NuCachedSource2.cpp
@@ -583,6 +583,13 @@ ssize_t NuCachedSource2::readInternal(off64_t offset, void *data, size_t size) {
 
     Mutex::Autolock autoLock(mLock);
 
+    // If we're disconnecting, return EOS and don't access *data pointer.
+    // data could be on the stack of the caller to NuCachedSource2::readAt(),
+    // which may have exited already.
+    if (mDisconnecting) {
+        return ERROR_END_OF_STREAM;
+    }
+
     if (!mFetching) {
         mLastAccessPos = offset;
         restartPrefetcherIfNecessary_l(
-- 
cgit v1.1