summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSathishKumar Mani <smani@codeaurora.org>2015-09-25 18:17:46 -0700
committerLinux Build Service Account <lnxbuild@localhost>2015-10-06 03:25:11 -0600
commit4d0485d7daead3a28cac12c2e2cea25c2ade654d (patch)
treef491ca8ce40faf88c01b2a043ea70f652c095ebb
parent197cd79c6314ac2e14ce94624e21f3c4e38dca7c (diff)
downloadframeworks_av-4d0485d7daead3a28cac12c2e2cea25c2ade654d.zip
frameworks_av-4d0485d7daead3a28cac12c2e2cea25c2ade654d.tar.gz
frameworks_av-4d0485d7daead3a28cac12c2e2cea25c2ade654d.tar.bz2
Stagefright: Add Checks for allocations
Warn allocation failures explicitly rather than crash trying to access unallocated memory Change-Id: Ie86c3ac130917e1f4030eb8207ac8350cba7711d
-rw-r--r--media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp3
-rw-r--r--media/libmedia/ICrypto.cpp2
-rw-r--r--media/libmedia/IEffectClient.cpp4
-rw-r--r--media/libmedia/MediaScanner.cpp4
-rw-r--r--media/libmediaplayerservice/MediaPlayerService.cpp1
-rwxr-xr-xmedia/libstagefright/MPEG4Extractor.cpp1
-rw-r--r--media/libstagefright/MPEG4Writer.cpp5
-rw-r--r--media/libstagefright/MediaBuffer.cpp1
-rw-r--r--media/libstagefright/OggExtractor.cpp1
-rw-r--r--media/libstagefright/foundation/ABuffer.cpp10
-rw-r--r--services/audioflinger/AudioFlinger.cpp1
-rw-r--r--services/audioflinger/BufferProviders.cpp2
-rw-r--r--services/audioflinger/Tracks.cpp2
-rw-r--r--services/audiopolicy/service/AudioPolicyEffects.cpp1
-rw-r--r--services/audiopolicy/service/AudioPolicyEffects.h3
15 files changed, 34 insertions, 7 deletions
diff --git a/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp b/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp
index ad7ca4a..e01c414 100644
--- a/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp
+++ b/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp
@@ -29,6 +29,7 @@
#include "EffectBundle.h"
#include "math.h"
+#include <media/stagefright/foundation/ADebug.h>
// effect_handle_t interface implementation for bass boost
extern "C" const struct effect_interface_s gLvmEffectInterface;
@@ -563,6 +564,7 @@ int LvmBundle_init(EffectContext *pContext){
for (int i=0; i<LVM_NR_MEMORY_REGIONS; i++){
if (MemTab.Region[i].Size != 0){
MemTab.Region[i].pBaseAddress = malloc(MemTab.Region[i].Size);
+ CHECK(MemTab.Region[i].pBaseAddress != NULL);
if (MemTab.Region[i].pBaseAddress == LVM_NULL){
ALOGV("\tLVM_ERROR :LvmBundle_init CreateInstance Failed to allocate %" PRIu32
@@ -729,6 +731,7 @@ int LvmBundle_process(LVM_INT16 *pIn,
}
pContext->pBundledContext->workBuffer =
(LVM_INT16 *)malloc(frameCount * sizeof(LVM_INT16) * 2);
+ CHECK(pContext->pBundledContext->workBuffer != NULL);
pContext->pBundledContext->frameCount = frameCount;
}
pOutTmp = pContext->pBundledContext->workBuffer;
diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp
index 947294f..9f65bde 100644
--- a/media/libmedia/ICrypto.cpp
+++ b/media/libmedia/ICrypto.cpp
@@ -235,6 +235,7 @@ status_t BnCrypto::onTransact(
if (opaqueSize > 0) {
opaqueData = malloc(opaqueSize);
+ CHECK(opaqueData != NULL);
data.read(opaqueData, opaqueSize);
}
@@ -298,6 +299,7 @@ status_t BnCrypto::onTransact(
secureBufferId = reinterpret_cast<void *>(static_cast<uintptr_t>(data.readInt64()));
} else {
dstPtr = malloc(totalSize);
+ CHECK(dstPtr != NULL);
}
AString errorDetailMsg;
diff --git a/media/libmedia/IEffectClient.cpp b/media/libmedia/IEffectClient.cpp
index 1322e72..531f767 100644
--- a/media/libmedia/IEffectClient.cpp
+++ b/media/libmedia/IEffectClient.cpp
@@ -22,6 +22,8 @@
#include <sys/types.h>
#include <media/IEffectClient.h>
+#include <media/stagefright/foundation/ADebug.h>
+
namespace android {
enum {
@@ -117,12 +119,14 @@ status_t BnEffectClient::onTransact(
char *cmd = NULL;
if (cmdSize) {
cmd = (char *)malloc(cmdSize);
+ CHECK(cmd != NULL);
data.read(cmd, cmdSize);
}
uint32_t replySize = data.readInt32();
char *resp = NULL;
if (replySize) {
resp = (char *)malloc(replySize);
+ CHECK(resp != NULL);
data.read(resp, replySize);
}
commandExecuted(cmdCode, cmdSize, cmd, replySize, resp);
diff --git a/media/libmedia/MediaScanner.cpp b/media/libmedia/MediaScanner.cpp
index dcbb769..dac0a9e 100644
--- a/media/libmedia/MediaScanner.cpp
+++ b/media/libmedia/MediaScanner.cpp
@@ -24,6 +24,8 @@
#include <sys/stat.h>
#include <dirent.h>
+#include <media/stagefright/foundation/ADebug.h>
+
namespace android {
MediaScanner::MediaScanner()
@@ -240,6 +242,7 @@ MediaScanResult MediaScanner::doProcessDirectoryEntry(
MediaAlbumArt *MediaAlbumArt::clone() {
size_t byte_size = this->size() + sizeof(MediaAlbumArt);
MediaAlbumArt *result = reinterpret_cast<MediaAlbumArt *>(malloc(byte_size));
+ CHECK(result != NULL);
result->mSize = this->size();
memcpy(&result->mData[0], &this->mData[0], this->size());
return result;
@@ -253,6 +256,7 @@ void MediaAlbumArt::init(MediaAlbumArt *instance, int32_t dataSize, const void *
MediaAlbumArt *MediaAlbumArt::fromData(int32_t dataSize, const void* data) {
size_t byte_size = sizeof(MediaAlbumArt) + dataSize;
MediaAlbumArt *result = reinterpret_cast<MediaAlbumArt *>(malloc(byte_size));
+ CHECK(result != NULL);
init(result, dataSize, data);
return result;
}
diff --git a/media/libmediaplayerservice/MediaPlayerService.cpp b/media/libmediaplayerservice/MediaPlayerService.cpp
index 0ce0c3f..6e104a4 100644
--- a/media/libmediaplayerservice/MediaPlayerService.cpp
+++ b/media/libmediaplayerservice/MediaPlayerService.cpp
@@ -2128,6 +2128,7 @@ bool CallbackThread::threadLoop() {
if (mBuffer == NULL) {
mBufferSize = sink->bufferSize();
mBuffer = malloc(mBufferSize);
+ CHECK(mBuffer != NULL);
}
size_t actualSize =
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 84e07b5..cd50365 100755
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -535,6 +535,7 @@ status_t MPEG4Extractor::readMetaData() {
}
if (psshsize > 0 && psshsize <= UINT32_MAX) {
char *buf = (char*)malloc(psshsize);
+ CHECK(buf != NULL);
char *ptr = buf;
for (size_t i = 0; i < mPssh.size(); i++) {
memcpy(ptr, mPssh[i].uuid, 20); // uuid + length
diff --git a/media/libstagefright/MPEG4Writer.cpp b/media/libstagefright/MPEG4Writer.cpp
index 7dfac76..8af2615 100644
--- a/media/libstagefright/MPEG4Writer.cpp
+++ b/media/libstagefright/MPEG4Writer.cpp
@@ -1566,6 +1566,7 @@ void MPEG4Writer::Track::getCodecSpecificDataFromInputFormatIfPossible() {
size_t size;
if (mMeta->findData(kKeyAVCC, &type, &data, &size)) {
mCodecSpecificData = malloc(size);
+ CHECK(mCodecSpecificData != NULL);
mCodecSpecificDataSize = size;
memcpy(mCodecSpecificData, data, size);
mGotAllCodecSpecificData = true;
@@ -1579,6 +1580,7 @@ void MPEG4Writer::Track::getCodecSpecificDataFromInputFormatIfPossible() {
ESDS esds(data, size);
if (esds.getCodecSpecificInfo(&data, &size) == OK) {
mCodecSpecificData = malloc(size);
+ CHECK(mCodecSpecificData != NULL);
mCodecSpecificDataSize = size;
memcpy(mCodecSpecificData, data, size);
mGotAllCodecSpecificData = true;
@@ -1979,6 +1981,7 @@ status_t MPEG4Writer::Track::copyAVCCodecSpecificData(
mCodecSpecificDataSize = size;
mCodecSpecificData = malloc(size);
+ CHECK(mCodecSpecificData != NULL);
memcpy(mCodecSpecificData, data, size);
return OK;
}
@@ -2101,6 +2104,7 @@ status_t MPEG4Writer::Track::makeAVCCodecSpecificData(
// ISO 14496-15: AVC file format
mCodecSpecificDataSize += 7; // 7 more bytes in the header
mCodecSpecificData = malloc(mCodecSpecificDataSize);
+ CHECK(mCodecSpecificData != NULL);
uint8_t *header = (uint8_t *)mCodecSpecificData;
header[0] = 1; // version
header[1] = mProfileIdc; // profile indication
@@ -2235,6 +2239,7 @@ status_t MPEG4Writer::Track::threadEntry() {
} else if (mIsMPEG4) {
mCodecSpecificDataSize = buffer->range_length();
mCodecSpecificData = malloc(mCodecSpecificDataSize);
+ CHECK(mCodecSpecificData != NULL);
memcpy(mCodecSpecificData,
(const uint8_t *)buffer->data()
+ buffer->range_offset(),
diff --git a/media/libstagefright/MediaBuffer.cpp b/media/libstagefright/MediaBuffer.cpp
index 1f80a47..525a156 100644
--- a/media/libstagefright/MediaBuffer.cpp
+++ b/media/libstagefright/MediaBuffer.cpp
@@ -54,6 +54,7 @@ MediaBuffer::MediaBuffer(size_t size)
mOwnsData(true),
mMetaData(new MetaData),
mOriginal(NULL) {
+ CHECK(mData != NULL);
}
MediaBuffer::MediaBuffer(const sp<GraphicBuffer>& graphicBuffer)
diff --git a/media/libstagefright/OggExtractor.cpp b/media/libstagefright/OggExtractor.cpp
index 6fba8e1..c438d3c 100644
--- a/media/libstagefright/OggExtractor.cpp
+++ b/media/libstagefright/OggExtractor.cpp
@@ -1225,6 +1225,7 @@ static uint8_t *DecodeBase64(const char *s, size_t size, size_t *outSize) {
*outSize = outLen;
void *buffer = malloc(outLen);
+ CHECK(buffer != NULL);
uint8_t *out = (uint8_t *)buffer;
size_t j = 0;
diff --git a/media/libstagefright/foundation/ABuffer.cpp b/media/libstagefright/foundation/ABuffer.cpp
index a5b81a8..3ebbbd9 100644
--- a/media/libstagefright/foundation/ABuffer.cpp
+++ b/media/libstagefright/foundation/ABuffer.cpp
@@ -29,13 +29,9 @@ ABuffer::ABuffer(size_t capacity)
mInt32Data(0),
mOwnsData(true) {
mData = malloc(capacity);
- if (mData == NULL) {
- mCapacity = 0;
- mRangeLength = 0;
- } else {
- mCapacity = capacity;
- mRangeLength = capacity;
- }
+ CHECK(mData != NULL);
+ mCapacity = capacity;
+ mRangeLength = capacity;
}
ABuffer::ABuffer(void *data, size_t capacity)
diff --git a/services/audioflinger/AudioFlinger.cpp b/services/audioflinger/AudioFlinger.cpp
index 5089bd3..c7f863b 100644
--- a/services/audioflinger/AudioFlinger.cpp
+++ b/services/audioflinger/AudioFlinger.cpp
@@ -2986,6 +2986,7 @@ void AudioFlinger::dumpTee(int fd, const sp<NBAIO_Source>& source, audio_io_hand
bool firstRead = true;
#define TEE_SINK_READ 1024 // frames per I/O operation
void *buffer = malloc(TEE_SINK_READ * frameSize);
+ CHECK (buffer != NULL);
for (;;) {
size_t count = TEE_SINK_READ;
ssize_t actual = teeSource->read(buffer, count,
diff --git a/services/audioflinger/BufferProviders.cpp b/services/audioflinger/BufferProviders.cpp
index a8be206..434a514 100644
--- a/services/audioflinger/BufferProviders.cpp
+++ b/services/audioflinger/BufferProviders.cpp
@@ -24,6 +24,7 @@
#include <media/EffectsFactoryApi.h>
#include <utils/Log.h>
+#include <media/stagefright/foundation/ADebug.h>
#include "Configuration.h"
#include "BufferProviders.h"
@@ -205,6 +206,7 @@ DownmixerBufferProvider::DownmixerBufferProvider(
const int downmixParamSize =
sizeof(effect_param_t) + psizePadded + sizeof(downmix_type_t);
effect_param_t * const param = (effect_param_t *) malloc(downmixParamSize);
+ CHECK(param != NULL);
param->psize = sizeof(downmix_params_t);
const downmix_params_t downmixParam = DOWNMIX_PARAM_TYPE;
memcpy(param->data, &downmixParam, param->psize);
diff --git a/services/audioflinger/Tracks.cpp b/services/audioflinger/Tracks.cpp
index f7da209..a45a6f8 100644
--- a/services/audioflinger/Tracks.cpp
+++ b/services/audioflinger/Tracks.cpp
@@ -24,6 +24,7 @@
#include <math.h>
#include <sys/syscall.h>
#include <utils/Log.h>
+#include <media/stagefright/foundation/ADebug.h>
#include <private/media/AudioTrackShared.h>
@@ -1771,6 +1772,7 @@ bool AudioFlinger::PlaybackThread::OutputTrack::write(void* data, uint32_t frame
if (mBufferQueue.size() < kMaxOverFlowBuffers) {
pInBuffer = new Buffer;
pInBuffer->mBuffer = malloc(inBuffer.frameCount * mFrameSize);
+ CHECK(pInBuffer->mBuffer != NULL);
pInBuffer->frameCount = inBuffer.frameCount;
pInBuffer->raw = pInBuffer->mBuffer;
memcpy(pInBuffer->raw, inBuffer.raw, inBuffer.frameCount * mFrameSize);
diff --git a/services/audiopolicy/service/AudioPolicyEffects.cpp b/services/audiopolicy/service/AudioPolicyEffects.cpp
index 282ddeb..e71d7a5 100644
--- a/services/audiopolicy/service/AudioPolicyEffects.cpp
+++ b/services/audiopolicy/service/AudioPolicyEffects.cpp
@@ -442,6 +442,7 @@ effect_param_t *AudioPolicyEffects::loadEffectParameter(cnode *root)
size_t curSize = sizeof(effect_param_t);
size_t totSize = sizeof(effect_param_t) + 2 * sizeof(int);
effect_param_t *fx_param = (effect_param_t *)malloc(totSize);
+ CHECK(fx_param != NULL);
param = config_find(root, PARAM_TAG);
value = config_find(root, VALUE_TAG);
diff --git a/services/audiopolicy/service/AudioPolicyEffects.h b/services/audiopolicy/service/AudioPolicyEffects.h
index 3dec437..3845050 100644
--- a/services/audiopolicy/service/AudioPolicyEffects.h
+++ b/services/audiopolicy/service/AudioPolicyEffects.h
@@ -27,6 +27,8 @@
#include <utils/Vector.h>
#include <utils/SortedVector.h>
+#include <media/stagefright/foundation/ADebug.h>
+
namespace android {
// ----------------------------------------------------------------------------
@@ -102,6 +104,7 @@ private:
((origParam->psize + 3) & ~3) +
((origParam->vsize + 3) & ~3);
effect_param_t *dupParam = (effect_param_t *) malloc(origSize);
+ CHECK(dupParam != NULL);
memcpy(dupParam, origParam, origSize);
// This works because the param buffer allocation is also done by
// multiples of 4 bytes originally. In theory we should memcpy only