From 652bc0197341337bb07fc4f87f168167fb3f47dc Mon Sep 17 00:00:00 2001 From: Lajos Molnar Date: Fri, 12 Jun 2015 12:52:27 -0700 Subject: stagefright: relax check of OMX buffer header - move check to after FillBufferDone only. - add support for NULL graphicBuffer - just in case Bug: 21773260 Change-Id: I804574c30ce47fd98bf09f5fe8ad00ae454ed1af --- media/libstagefright/omx/OMXNodeInstance.cpp | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'media/libstagefright/omx/OMXNodeInstance.cpp') diff --git a/media/libstagefright/omx/OMXNodeInstance.cpp b/media/libstagefright/omx/OMXNodeInstance.cpp index 6ee1a77..c121163 100644 --- a/media/libstagefright/omx/OMXNodeInstance.cpp +++ b/media/libstagefright/omx/OMXNodeInstance.cpp @@ -121,9 +121,10 @@ struct BufferMeta { return; } - memcpy((OMX_U8 *)mMem->pointer() + header->nOffset, - header->pBuffer + header->nOffset, - header->nFilledLen); + // check component returns proper range + sp codec = getBuffer(header, false /* backup */, true /* limit */); + + memcpy((OMX_U8 *)mMem->pointer() + header->nOffset, codec->data(), codec->size()); } void CopyToOMX(const OMX_BUFFERHEADERTYPE *header) { @@ -137,14 +138,16 @@ struct BufferMeta { } // return either the codec or the backup buffer - sp getBuffer(const OMX_BUFFERHEADERTYPE *header, bool backup) { + sp getBuffer(const OMX_BUFFERHEADERTYPE *header, bool backup, bool limit) { sp buf; if (backup && mMem != NULL) { buf = new ABuffer(mMem->pointer(), mMem->size()); } else { buf = new ABuffer(header->pBuffer, header->nAllocLen); } - buf->setRange(header->nOffset, header->nFilledLen); + if (limit) { + buf->setRange(header->nOffset, header->nFilledLen); + } return buf; } @@ -1089,10 +1092,11 @@ status_t OMXNodeInstance::emptyBuffer( OMX_BUFFERHEADERTYPE *header = findBufferHeader(buffer); BufferMeta *buffer_meta = static_cast(header->pAppPrivate); - sp backup = buffer_meta->getBuffer(header, true /* backup */); - sp codec = buffer_meta->getBuffer(header, false /* backup */); + sp backup = buffer_meta->getBuffer(header, true /* backup */, false /* limit */); + sp codec = buffer_meta->getBuffer(header, false /* backup */, false /* limit */); // convert incoming ANW meta buffers if component is configured for gralloc metadata mode + // ignore rangeOffset in this case if (mMetadataType[kPortIndexInput] == kMetadataBufferTypeGrallocSource && backup->capacity() >= sizeof(VideoNativeMetadata) && codec->capacity() >= sizeof(VideoGrallocMetadata) @@ -1102,7 +1106,7 @@ status_t OMXNodeInstance::emptyBuffer( VideoGrallocMetadata &codecMeta = *(VideoGrallocMetadata *)codec->base(); CLOG_BUFFER(emptyBuffer, "converting ANWB %p to handle %p", backupMeta.pBuffer, backupMeta.pBuffer->handle); - codecMeta.pHandle = backupMeta.pBuffer->handle; + codecMeta.pHandle = backupMeta.pBuffer != NULL ? backupMeta.pBuffer->handle : NULL; codecMeta.eType = kMetadataBufferTypeGrallocSource; header->nFilledLen = rangeLength ? sizeof(codecMeta) : 0; header->nOffset = 0; -- cgit v1.1