From 36dd3c28898248fe5ecb7e256025499bb8d6275a Mon Sep 17 00:00:00 2001 From: Sergio Giro Date: Tue, 28 Jun 2016 18:24:52 +0100 Subject: Add bound checks to utf16_to_utf8 Bug: 29250543 Change-Id: I3518416e89ed901021970958fb6005fd69129f7c (cherry picked from commit 1d3f4278b2666d1a145af2f54782c993aa07d1d9) --- media/libmediaplayerservice/MediaPlayerService.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'media/libmediaplayerservice/MediaPlayerService.cpp') diff --git a/media/libmediaplayerservice/MediaPlayerService.cpp b/media/libmediaplayerservice/MediaPlayerService.cpp index bcfd83a..b8c610d 100644 --- a/media/libmediaplayerservice/MediaPlayerService.cpp +++ b/media/libmediaplayerservice/MediaPlayerService.cpp @@ -237,7 +237,8 @@ void unmarshallAudioAttributes(const Parcel& parcel, audio_attributes_t *attribu // copying array size -1, array for tags was calloc'd, no need to NULL-terminate it size_t tagSize = realTagSize > AUDIO_ATTRIBUTES_TAGS_MAX_SIZE - 1 ? AUDIO_ATTRIBUTES_TAGS_MAX_SIZE - 1 : realTagSize; - utf16_to_utf8(tags.string(), tagSize, attributes->tags); + utf16_to_utf8(tags.string(), tagSize, attributes->tags, + sizeof(attributes->tags) / sizeof(attributes->tags[0])); } } else { ALOGE("unmarshallAudioAttributes() received unflattened tags, ignoring tag values"); -- cgit v1.1 From 3d4cb8bbc03aab52c71bb339624170f2b7238cdf Mon Sep 17 00:00:00 2001 From: Sergio Giro Date: Tue, 28 Jun 2016 18:24:52 +0100 Subject: Add bound checks to utf16_to_utf8 Bug: 29250543 Change-Id: I3518416e89ed901021970958fb6005fd69129f7c (cherry picked from commit 1d3f4278b2666d1a145af2f54782c993aa07d1d9) --- media/libmediaplayerservice/MediaPlayerService.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'media/libmediaplayerservice/MediaPlayerService.cpp') diff --git a/media/libmediaplayerservice/MediaPlayerService.cpp b/media/libmediaplayerservice/MediaPlayerService.cpp index bcfd83a..b8c610d 100644 --- a/media/libmediaplayerservice/MediaPlayerService.cpp +++ b/media/libmediaplayerservice/MediaPlayerService.cpp @@ -237,7 +237,8 @@ void unmarshallAudioAttributes(const Parcel& parcel, audio_attributes_t *attribu // copying array size -1, array for tags was calloc'd, no need to NULL-terminate it size_t tagSize = realTagSize > AUDIO_ATTRIBUTES_TAGS_MAX_SIZE - 1 ? AUDIO_ATTRIBUTES_TAGS_MAX_SIZE - 1 : realTagSize; - utf16_to_utf8(tags.string(), tagSize, attributes->tags); + utf16_to_utf8(tags.string(), tagSize, attributes->tags, + sizeof(attributes->tags) / sizeof(attributes->tags[0])); } } else { ALOGE("unmarshallAudioAttributes() received unflattened tags, ignoring tag values"); -- cgit v1.1 From 4c086a8dc1d9c9772ac705d2a1509b311985e374 Mon Sep 17 00:00:00 2001 From: Robert Shih Date: Tue, 16 Aug 2016 16:50:54 -0700 Subject: MediaPlayerService: avoid invalid static cast Bug: 30204103 Change-Id: Ie0dd3568a375f1e9fed8615ad3d85184bcc99028 (cherry picked from commit ee0a0e39acdcf8f97e0d6945c31ff36a06a36e9d) --- media/libmediaplayerservice/MediaPlayerService.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'media/libmediaplayerservice/MediaPlayerService.cpp') diff --git a/media/libmediaplayerservice/MediaPlayerService.cpp b/media/libmediaplayerservice/MediaPlayerService.cpp index b8c610d..0483228 100644 --- a/media/libmediaplayerservice/MediaPlayerService.cpp +++ b/media/libmediaplayerservice/MediaPlayerService.cpp @@ -559,6 +559,12 @@ void MediaPlayerService::removeClient(wp client) mClients.remove(client); } +bool MediaPlayerService::hasClient(wp client) +{ + Mutex::Autolock lock(mLock); + return mClients.indexOf(client) != NAME_NOT_FOUND; +} + MediaPlayerService::Client::Client( const sp& service, pid_t pid, int32_t connId, const sp& client, @@ -1056,6 +1062,10 @@ status_t MediaPlayerService::Client::setNextPlayer(const sp& playe ALOGV("setNextPlayer"); Mutex::Autolock l(mLock); sp c = static_cast(player.get()); + if (!mService->hasClient(c)) { + return BAD_VALUE; + } + mNextClient = c; if (c != NULL) { -- cgit v1.1 From f42ee8bd0cb51c571dd6dfcf71c61dce377768cd Mon Sep 17 00:00:00 2001 From: Wei Jia Date: Tue, 30 Aug 2016 13:49:06 -0700 Subject: MediaPlayerService: allow next player to be NULL Bug: 31155917 Bug: 30204103 Change-Id: I9a2a59ddb900fc942e7c19b31b53a110d790474c (cherry picked from commit 282841278723166e74039329ca56e444ad472daf) --- media/libmediaplayerservice/MediaPlayerService.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'media/libmediaplayerservice/MediaPlayerService.cpp') diff --git a/media/libmediaplayerservice/MediaPlayerService.cpp b/media/libmediaplayerservice/MediaPlayerService.cpp index 0483228..f802de1 100644 --- a/media/libmediaplayerservice/MediaPlayerService.cpp +++ b/media/libmediaplayerservice/MediaPlayerService.cpp @@ -1062,7 +1062,7 @@ status_t MediaPlayerService::Client::setNextPlayer(const sp& playe ALOGV("setNextPlayer"); Mutex::Autolock l(mLock); sp c = static_cast(player.get()); - if (!mService->hasClient(c)) { + if (c != NULL && !mService->hasClient(c)) { return BAD_VALUE; } -- cgit v1.1