From 0bbf8b213ad96051357e3ad6d6d2808bfa31a59a Mon Sep 17 00:00:00 2001
From: Ruben Brunk <rubenbrunk@google.com>
Date: Thu, 30 Apr 2015 14:35:42 -0700
Subject: camera2: Fix fuzztesting segfault in connect.

Bug: 20721655
Change-Id: I0d974cad19683a8c86a76dac7f61ac0010bd977a
---
 services/camera/libcameraservice/CameraService.cpp | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'services/camera/libcameraservice/CameraService.cpp')

diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index 8c5c43a..e28464d 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -890,9 +890,12 @@ status_t CameraService::handleEvictionsLocked(const String8& cameraId, int clien
             if (current != nullptr) {
                 auto clientSp = current->getValue();
                 if (clientSp.get() != nullptr) { // should never be needed
-                    if (clientSp->getRemote() == remoteCallback) {
+                    if (!clientSp->canCastToApiClient(effectiveApiLevel)) {
+                        ALOGW("CameraService connect called from same client, but with a different"
+                                " API level, evicting prior client...");
+                    } else if (clientSp->getRemote() == remoteCallback) {
                         ALOGI("CameraService::connect X (PID %d) (second call from same"
-                                "app binder, returning the same client)", clientPid);
+                                " app binder, returning the same client)", clientPid);
                         *client = clientSp;
                         return NO_ERROR;
                     }
@@ -1754,6 +1757,11 @@ int CameraService::BasicClient::getClientPid() const {
     return mClientPid;
 }
 
+bool CameraService::BasicClient::canCastToApiClient(apiLevel level) const {
+    // Defaults to API2.
+    return level == API_2;
+}
+
 status_t CameraService::BasicClient::startCameraOps() {
     int32_t res;
     // Notify app ops that the camera is not available
@@ -1866,6 +1874,10 @@ void CameraService::Client::disconnect() {
     BasicClient::disconnect();
 }
 
+bool CameraService::Client::canCastToApiClient(apiLevel level) const {
+    return level == API_1;
+}
+
 CameraService::Client::OpsCallback::OpsCallback(wp<BasicClient> client):
         mClient(client) {
 }
-- 
cgit v1.1