From 7056de1b423e10b16149df3db0102aff714f2648 Mon Sep 17 00:00:00 2001
From: Gao Xiang <gaoxiang25@huawei.com>
Date: Mon, 14 Aug 2017 11:32:13 +0800
Subject: [PATCH] mInternalEmulated could be used after shutdown() called

It fixes the findvolume() / reset() use-after-free issue after
shutdown called to avoid vold crash.

bug: 64833901
Test: test reboot
Fixes: a5bbb5e3c13d ("make shutdown safe for double calls.")
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>

(cherry picked from commit d263da88076f5299e6202f8b388eab79f6fdd495)

Change-Id: I636b28f30fb82e4672d88144cd04072d24ef3b85
---
 VolumeManager.cpp | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index 8398498..13a943f 100644
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -425,7 +425,10 @@ std::shared_ptr<android::vold::Disk> VolumeManager::findDisk(const std::string&
 }
 
 std::shared_ptr<android::vold::VolumeBase> VolumeManager::findVolume(const std::string& id) {
-    if (mInternalEmulated->getId() == id) {
+    // Vold could receive "mount" after "shutdown" command in the extreme case.
+    // If this happens, mInternalEmulated will equal nullptr and
+    // we need to deal with it in order to avoid null pointer crash.
+    if (mInternalEmulated != nullptr && mInternalEmulated->getId() == id) {
         return mInternalEmulated;
     }
     for (const auto& disk : mDisks) {
@@ -689,8 +692,10 @@ next:
 int VolumeManager::reset() {
     // Tear down all existing disks/volumes and start from a blank slate so
     // newly connected framework hears all events.
-    mInternalEmulated->destroy();
-    mInternalEmulated->create();
+    if (mInternalEmulated != nullptr) {
+        mInternalEmulated->destroy();
+        mInternalEmulated->create();
+    }
     for (const auto& disk : mDisks) {
         disk->destroy();
         disk->create();