From d263da88076f5299e6202f8b388eab79f6fdd495 Mon Sep 17 00:00:00 2001
From: Gao Xiang <gaoxiang25@huawei.com>
Date: Mon, 14 Aug 2017 11:32:13 +0800
Subject: [PATCH] mInternalEmulated could be used after shutdown() called

It fixes the findvolume() / reset() use-after-free issue after
shutdown called to avoid vold crash.

Fixes: a5bbb5e3c13d ("make shutdown safe for double calls.")
Change-Id: I50f216141b20da08549080291091dc5690c00ffe
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
---
 VolumeManager.cpp | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index 2c39240..a6bed03 100644
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -365,7 +365,10 @@ std::shared_ptr<android::vold::Disk> VolumeManager::findDisk(const std::string&
 }
 
 std::shared_ptr<android::vold::VolumeBase> VolumeManager::findVolume(const std::string& id) {
-    if (mInternalEmulated->getId() == id) {
+    // Vold could receive "mount" after "shutdown" command in the extreme case.
+    // If this happens, mInternalEmulated will equal nullptr and
+    // we need to deal with it in order to avoid null pointer crash.
+    if (mInternalEmulated != nullptr && mInternalEmulated->getId() == id) {
         return mInternalEmulated;
     }
     for (const auto& disk : mDisks) {
@@ -623,8 +626,10 @@ next:
 int VolumeManager::reset() {
     // Tear down all existing disks/volumes and start from a blank slate so
     // newly connected framework hears all events.
-    mInternalEmulated->destroy();
-    mInternalEmulated->create();
+    if (mInternalEmulated != nullptr) {
+        mInternalEmulated->destroy();
+        mInternalEmulated->create();
+    }
     for (const auto& disk : mDisks) {
         disk->destroy();
         disk->create();