Android 9.0.0 release 42
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCXPGuogAKCRDorT+BmrEO
ePsqAKCCWRYaAa/Jzw90zTQz/GGsUrVFOwCcC0kbLSEjwWgsVTd+pRDv1+kqz10=
=p4Yu
-----END PGP SIGNATURE-----
Clear Element.mRef immediately after deallocating it

DNSServiceRefDeallocate() and pointer dereferencing in request handler
thread are protected by two separate lock/unlock pairs on mHeadMutex.
If rescan() runs between these, it could dereference mRef, causing
a heap-use-after-free bug.

Solution: set mRef to null immediately after freeing it.

Bug: 121327565
Test: build
Change-Id: I56ace2ad8a2da528afa375aefb1b9420547658a7
1 file changed