From b6686e725a5a06757d66898562f20d5ea04ea9b3 Mon Sep 17 00:00:00 2001
From: Yu-Han Yang <yuhany@google.com>
Date: Wed, 13 Apr 2022 12:40:52 -0700
Subject: [PATCH] Fix use-after-free in GnssMesaurementInterface

Bug: 228639296
Test: on Cuttlefish
Change-Id: Ibd36d23f2059ae994132099dd67d8fd10f84cd72
---
 gnss/aidl/default/Gnss.cpp                           | 1 -
 gnss/aidl/default/GnssMeasurementInterface.cpp       | 4 +++-
 gnss/aidl/default/GnssNavigationMessageInterface.cpp | 4 +++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/gnss/aidl/default/Gnss.cpp b/gnss/aidl/default/Gnss.cpp
index 7855b5196a..226b1f4b27 100644
--- a/gnss/aidl/default/Gnss.cpp
+++ b/gnss/aidl/default/Gnss.cpp
@@ -153,7 +153,6 @@ void Gnss::reportSvStatus(const std::vector<GnssSvInfo>& svInfoList) const {
 
 std::vector<GnssSvInfo> Gnss::filterBlocklistedSatellites(
         std::vector<GnssSvInfo> gnssSvInfoList) const {
-    ALOGD("filterBlocklistedSatellites");
     for (uint32_t i = 0; i < gnssSvInfoList.size(); i++) {
         if (mGnssConfiguration->isBlocklisted(gnssSvInfoList[i])) {
             gnssSvInfoList[i].svFlag &= ~(uint32_t)IGnssCallback::GnssSvFlags::USED_IN_FIX;
diff --git a/gnss/aidl/default/GnssMeasurementInterface.cpp b/gnss/aidl/default/GnssMeasurementInterface.cpp
index 2c7241b82e..228d5bf854 100644
--- a/gnss/aidl/default/GnssMeasurementInterface.cpp
+++ b/gnss/aidl/default/GnssMeasurementInterface.cpp
@@ -106,12 +106,14 @@ void GnssMeasurementInterface::start(const bool enableCorrVecOutputs) {
             std::this_thread::sleep_for(std::chrono::milliseconds(mMinIntervalMillis));
         }
     });
-    mThread.detach();
 }
 
 void GnssMeasurementInterface::stop() {
     ALOGD("stop");
     mIsActive = false;
+    if (mThread.joinable()) {
+        mThread.join();
+    }
 }
 
 void GnssMeasurementInterface::reportMeasurement(const GnssData& data) {
diff --git a/gnss/aidl/default/GnssNavigationMessageInterface.cpp b/gnss/aidl/default/GnssNavigationMessageInterface.cpp
index 4bc859d35f..fe34787c82 100644
--- a/gnss/aidl/default/GnssNavigationMessageInterface.cpp
+++ b/gnss/aidl/default/GnssNavigationMessageInterface.cpp
@@ -69,12 +69,14 @@ void GnssNavigationMessageInterface::start() {
             std::this_thread::sleep_for(std::chrono::milliseconds(mMinIntervalMillis));
         }
     });
-    mThread.detach();
 }
 
 void GnssNavigationMessageInterface::stop() {
     ALOGD("stop");
     mIsActive = false;
+    if (mThread.joinable()) {
+        mThread.join();
+    }
 }
 
 void GnssNavigationMessageInterface::reportMessage(const GnssNavigationMessage& message) {