From 4d0485d7daead3a28cac12c2e2cea25c2ade654d Mon Sep 17 00:00:00 2001 From: SathishKumar Mani Date: Fri, 25 Sep 2015 18:17:46 -0700 Subject: Stagefright: Add Checks for allocations Warn allocation failures explicitly rather than crash trying to access unallocated memory Change-Id: Ie86c3ac130917e1f4030eb8207ac8350cba7711d --- media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp | 3 +++ media/libmedia/ICrypto.cpp | 2 ++ media/libmedia/IEffectClient.cpp | 4 ++++ media/libmedia/MediaScanner.cpp | 4 ++++ media/libmediaplayerservice/MediaPlayerService.cpp | 1 + media/libstagefright/MPEG4Extractor.cpp | 1 + media/libstagefright/MPEG4Writer.cpp | 5 +++++ media/libstagefright/MediaBuffer.cpp | 1 + media/libstagefright/OggExtractor.cpp | 1 + media/libstagefright/foundation/ABuffer.cpp | 10 +++------- 10 files changed, 25 insertions(+), 7 deletions(-) (limited to 'media') diff --git a/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp b/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp index ad7ca4a..e01c414 100644 --- a/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp +++ b/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp @@ -29,6 +29,7 @@ #include "EffectBundle.h" #include "math.h" +#include // effect_handle_t interface implementation for bass boost extern "C" const struct effect_interface_s gLvmEffectInterface; @@ -563,6 +564,7 @@ int LvmBundle_init(EffectContext *pContext){ for (int i=0; ipBundledContext->workBuffer = (LVM_INT16 *)malloc(frameCount * sizeof(LVM_INT16) * 2); + CHECK(pContext->pBundledContext->workBuffer != NULL); pContext->pBundledContext->frameCount = frameCount; } pOutTmp = pContext->pBundledContext->workBuffer; diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp index 947294f..9f65bde 100644 --- a/media/libmedia/ICrypto.cpp +++ b/media/libmedia/ICrypto.cpp @@ -235,6 +235,7 @@ status_t BnCrypto::onTransact( if (opaqueSize > 0) { opaqueData = malloc(opaqueSize); + CHECK(opaqueData != NULL); data.read(opaqueData, opaqueSize); } @@ -298,6 +299,7 @@ status_t BnCrypto::onTransact( secureBufferId = reinterpret_cast(static_cast(data.readInt64())); } else { dstPtr = malloc(totalSize); + CHECK(dstPtr != NULL); } AString errorDetailMsg; diff --git a/media/libmedia/IEffectClient.cpp b/media/libmedia/IEffectClient.cpp index 1322e72..531f767 100644 --- a/media/libmedia/IEffectClient.cpp +++ b/media/libmedia/IEffectClient.cpp @@ -22,6 +22,8 @@ #include #include +#include + namespace android { enum { @@ -117,12 +119,14 @@ status_t BnEffectClient::onTransact( char *cmd = NULL; if (cmdSize) { cmd = (char *)malloc(cmdSize); + CHECK(cmd != NULL); data.read(cmd, cmdSize); } uint32_t replySize = data.readInt32(); char *resp = NULL; if (replySize) { resp = (char *)malloc(replySize); + CHECK(resp != NULL); data.read(resp, replySize); } commandExecuted(cmdCode, cmdSize, cmd, replySize, resp); diff --git a/media/libmedia/MediaScanner.cpp b/media/libmedia/MediaScanner.cpp index dcbb769..dac0a9e 100644 --- a/media/libmedia/MediaScanner.cpp +++ b/media/libmedia/MediaScanner.cpp @@ -24,6 +24,8 @@ #include #include +#include + namespace android { MediaScanner::MediaScanner() @@ -240,6 +242,7 @@ MediaScanResult MediaScanner::doProcessDirectoryEntry( MediaAlbumArt *MediaAlbumArt::clone() { size_t byte_size = this->size() + sizeof(MediaAlbumArt); MediaAlbumArt *result = reinterpret_cast(malloc(byte_size)); + CHECK(result != NULL); result->mSize = this->size(); memcpy(&result->mData[0], &this->mData[0], this->size()); return result; @@ -253,6 +256,7 @@ void MediaAlbumArt::init(MediaAlbumArt *instance, int32_t dataSize, const void * MediaAlbumArt *MediaAlbumArt::fromData(int32_t dataSize, const void* data) { size_t byte_size = sizeof(MediaAlbumArt) + dataSize; MediaAlbumArt *result = reinterpret_cast(malloc(byte_size)); + CHECK(result != NULL); init(result, dataSize, data); return result; } diff --git a/media/libmediaplayerservice/MediaPlayerService.cpp b/media/libmediaplayerservice/MediaPlayerService.cpp index 0ce0c3f..6e104a4 100644 --- a/media/libmediaplayerservice/MediaPlayerService.cpp +++ b/media/libmediaplayerservice/MediaPlayerService.cpp @@ -2128,6 +2128,7 @@ bool CallbackThread::threadLoop() { if (mBuffer == NULL) { mBufferSize = sink->bufferSize(); mBuffer = malloc(mBufferSize); + CHECK(mBuffer != NULL); } size_t actualSize = diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index 84e07b5..cd50365 100755 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -535,6 +535,7 @@ status_t MPEG4Extractor::readMetaData() { } if (psshsize > 0 && psshsize <= UINT32_MAX) { char *buf = (char*)malloc(psshsize); + CHECK(buf != NULL); char *ptr = buf; for (size_t i = 0; i < mPssh.size(); i++) { memcpy(ptr, mPssh[i].uuid, 20); // uuid + length diff --git a/media/libstagefright/MPEG4Writer.cpp b/media/libstagefright/MPEG4Writer.cpp index 7dfac76..8af2615 100644 --- a/media/libstagefright/MPEG4Writer.cpp +++ b/media/libstagefright/MPEG4Writer.cpp @@ -1566,6 +1566,7 @@ void MPEG4Writer::Track::getCodecSpecificDataFromInputFormatIfPossible() { size_t size; if (mMeta->findData(kKeyAVCC, &type, &data, &size)) { mCodecSpecificData = malloc(size); + CHECK(mCodecSpecificData != NULL); mCodecSpecificDataSize = size; memcpy(mCodecSpecificData, data, size); mGotAllCodecSpecificData = true; @@ -1579,6 +1580,7 @@ void MPEG4Writer::Track::getCodecSpecificDataFromInputFormatIfPossible() { ESDS esds(data, size); if (esds.getCodecSpecificInfo(&data, &size) == OK) { mCodecSpecificData = malloc(size); + CHECK(mCodecSpecificData != NULL); mCodecSpecificDataSize = size; memcpy(mCodecSpecificData, data, size); mGotAllCodecSpecificData = true; @@ -1979,6 +1981,7 @@ status_t MPEG4Writer::Track::copyAVCCodecSpecificData( mCodecSpecificDataSize = size; mCodecSpecificData = malloc(size); + CHECK(mCodecSpecificData != NULL); memcpy(mCodecSpecificData, data, size); return OK; } @@ -2101,6 +2104,7 @@ status_t MPEG4Writer::Track::makeAVCCodecSpecificData( // ISO 14496-15: AVC file format mCodecSpecificDataSize += 7; // 7 more bytes in the header mCodecSpecificData = malloc(mCodecSpecificDataSize); + CHECK(mCodecSpecificData != NULL); uint8_t *header = (uint8_t *)mCodecSpecificData; header[0] = 1; // version header[1] = mProfileIdc; // profile indication @@ -2235,6 +2239,7 @@ status_t MPEG4Writer::Track::threadEntry() { } else if (mIsMPEG4) { mCodecSpecificDataSize = buffer->range_length(); mCodecSpecificData = malloc(mCodecSpecificDataSize); + CHECK(mCodecSpecificData != NULL); memcpy(mCodecSpecificData, (const uint8_t *)buffer->data() + buffer->range_offset(), diff --git a/media/libstagefright/MediaBuffer.cpp b/media/libstagefright/MediaBuffer.cpp index 1f80a47..525a156 100644 --- a/media/libstagefright/MediaBuffer.cpp +++ b/media/libstagefright/MediaBuffer.cpp @@ -54,6 +54,7 @@ MediaBuffer::MediaBuffer(size_t size) mOwnsData(true), mMetaData(new MetaData), mOriginal(NULL) { + CHECK(mData != NULL); } MediaBuffer::MediaBuffer(const sp& graphicBuffer) diff --git a/media/libstagefright/OggExtractor.cpp b/media/libstagefright/OggExtractor.cpp index 6fba8e1..c438d3c 100644 --- a/media/libstagefright/OggExtractor.cpp +++ b/media/libstagefright/OggExtractor.cpp @@ -1225,6 +1225,7 @@ static uint8_t *DecodeBase64(const char *s, size_t size, size_t *outSize) { *outSize = outLen; void *buffer = malloc(outLen); + CHECK(buffer != NULL); uint8_t *out = (uint8_t *)buffer; size_t j = 0; diff --git a/media/libstagefright/foundation/ABuffer.cpp b/media/libstagefright/foundation/ABuffer.cpp index a5b81a8..3ebbbd9 100644 --- a/media/libstagefright/foundation/ABuffer.cpp +++ b/media/libstagefright/foundation/ABuffer.cpp @@ -29,13 +29,9 @@ ABuffer::ABuffer(size_t capacity) mInt32Data(0), mOwnsData(true) { mData = malloc(capacity); - if (mData == NULL) { - mCapacity = 0; - mRangeLength = 0; - } else { - mCapacity = capacity; - mRangeLength = capacity; - } + CHECK(mData != NULL); + mCapacity = capacity; + mRangeLength = capacity; } ABuffer::ABuffer(void *data, size_t capacity) -- cgit v1.1