From 0bb5ced60304da7f61478ffd359e7ba65d72f181 Mon Sep 17 00:00:00 2001 From: Marco Nelissen Date: Thu, 10 Mar 2016 15:02:13 -0800 Subject: Fix size check for OMX_IndexParamConsumerUsageBits since it doesn't follow the OMX convention. And remove support for the kClientNeedsFrameBuffer flag. Bug: 27207275 Change-Id: Ia2c119e2456ebf9e2f4e1de5104ef9032a212255 --- media/libmedia/IOMX.cpp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'media/libmedia') diff --git a/media/libmedia/IOMX.cpp b/media/libmedia/IOMX.cpp index 84925f1..9be9b41 100644 --- a/media/libmedia/IOMX.cpp +++ b/media/libmedia/IOMX.cpp @@ -24,6 +24,7 @@ #include #include #include +#include namespace android { @@ -698,7 +699,8 @@ status_t BnOMX::onTransact( void *params = NULL; size_t pageSize = 0; size_t allocSize = 0; - if (code != SET_INTERNAL_OPTION && size < 8) { + if ((index == (OMX_INDEXTYPE) OMX_IndexParamConsumerUsageBits && size < 4) || + (code != SET_INTERNAL_OPTION && size < 8)) { // we expect the structure to contain at least the size and // version, 8 bytes total ALOGE("b/27207275 (%zu)", size); @@ -720,7 +722,9 @@ status_t BnOMX::onTransact( } else { err = NOT_ENOUGH_DATA; OMX_U32 declaredSize = *(OMX_U32*)params; - if (code != SET_INTERNAL_OPTION && declaredSize > size) { + if (code != SET_INTERNAL_OPTION && + index != (OMX_INDEXTYPE) OMX_IndexParamConsumerUsageBits && + declaredSize > size) { // the buffer says it's bigger than it actually is ALOGE("b/27207275 (%u/%zu)", declaredSize, size); android_errorWriteLog(0x534e4554, "27207275"); -- cgit v1.1