From e992e75053e98e3699af6e344c11b787e30411ad Mon Sep 17 00:00:00 2001 From: Eino-Ville Talvala Date: Fri, 7 Nov 2014 16:17:48 -0800 Subject: Camera: Guard against asBinder() calls on NULL interfaces Bug: 18207548 Change-Id: I9879c9b4c0282a6b96b77398f62beedc47f7f0a0 --- services/camera/libcameraservice/CameraService.cpp | 7 +++++-- .../camera/libcameraservice/api1/Camera2Client.cpp | 3 ++- .../camera/libcameraservice/api1/CameraClient.cpp | 3 ++- .../libcameraservice/api2/CameraDeviceClient.cpp | 23 ++++++++++++---------- .../libcameraservice/api_pro/ProCamera2Client.cpp | 3 ++- .../libcameraservice/common/Camera2ClientBase.cpp | 3 ++- 6 files changed, 26 insertions(+), 16 deletions(-) (limited to 'services/camera') diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp index fd5a426..889be74 100644 --- a/services/camera/libcameraservice/CameraService.cpp +++ b/services/camera/libcameraservice/CameraService.cpp @@ -1363,7 +1363,8 @@ CameraService::Client::Client(const sp& cameraService, int cameraId, int cameraFacing, int clientPid, uid_t clientUid, int servicePid) : - CameraService::BasicClient(cameraService, cameraClient->asBinder(), + CameraService::BasicClient(cameraService, + cameraClient != NULL ? cameraClient->asBinder() : NULL, clientPackageName, cameraId, cameraFacing, clientPid, clientUid, @@ -1476,7 +1477,9 @@ status_t CameraService::BasicClient::finishCameraOps() { } // Always stop watching, even if no camera op is active - mAppOpsManager.stopWatchingMode(mOpsCallback); + if (mOpsCallback != NULL) { + mAppOpsManager.stopWatchingMode(mOpsCallback); + } mOpsCallback.clear(); return OK; diff --git a/services/camera/libcameraservice/api1/Camera2Client.cpp b/services/camera/libcameraservice/api1/Camera2Client.cpp index 2a6aa7b..dd2f64d 100644 --- a/services/camera/libcameraservice/api1/Camera2Client.cpp +++ b/services/camera/libcameraservice/api1/Camera2Client.cpp @@ -165,7 +165,8 @@ status_t Camera2Client::dump(int fd, const Vector& args) { String8 result; result.appendFormat("Client2[%d] (%p) Client: %s PID: %d, dump:\n", mCameraId, - getRemoteCallback()->asBinder().get(), + (getRemoteCallback() != NULL ? + getRemoteCallback()->asBinder().get() : NULL), String8(mClientPackageName).string(), mClientPid); result.append(" State: "); diff --git a/services/camera/libcameraservice/api1/CameraClient.cpp b/services/camera/libcameraservice/api1/CameraClient.cpp index 1a4d9a6..2b17028 100644 --- a/services/camera/libcameraservice/api1/CameraClient.cpp +++ b/services/camera/libcameraservice/api1/CameraClient.cpp @@ -118,7 +118,8 @@ status_t CameraClient::dump(int fd, const Vector& args) { size_t len = snprintf(buffer, SIZE, "Client[%d] (%p) PID: %d\n", mCameraId, - getRemoteCallback()->asBinder().get(), + (getRemoteCallback() != NULL ? + getRemoteCallback()->asBinder().get() : NULL), mClientPid); len = (len > SIZE - 1) ? SIZE - 1 : len; write(fd, buffer, len); diff --git a/services/camera/libcameraservice/api2/CameraDeviceClient.cpp b/services/camera/libcameraservice/api2/CameraDeviceClient.cpp index e3301aa..c6d62e7 100644 --- a/services/camera/libcameraservice/api2/CameraDeviceClient.cpp +++ b/services/camera/libcameraservice/api2/CameraDeviceClient.cpp @@ -42,8 +42,14 @@ CameraDeviceClientBase::CameraDeviceClientBase( int clientPid, uid_t clientUid, int servicePid) : - BasicClient(cameraService, remoteCallback->asBinder(), clientPackageName, - cameraId, cameraFacing, clientPid, clientUid, servicePid), + BasicClient(cameraService, + remoteCallback != NULL ? remoteCallback->asBinder() : NULL, + clientPackageName, + cameraId, + cameraFacing, + clientPid, + clientUid, + servicePid), mRemoteCallback(remoteCallback) { } @@ -353,12 +359,8 @@ status_t CameraDeviceClient::createStream(int width, int height, int format, useAsync = true; } - sp binder; - sp anw; - if (bufferProducer != 0) { - binder = bufferProducer->asBinder(); - anw = new Surface(bufferProducer, useAsync); - } + sp binder = bufferProducer->asBinder(); + sp anw = new Surface(bufferProducer, useAsync); // TODO: remove w,h,f since we are ignoring them @@ -395,7 +397,7 @@ status_t CameraDeviceClient::createStream(int width, int height, int format, res = mDevice->createStream(anw, width, height, format, &streamId); if (res == OK) { - mStreamMap.add(bufferProducer->asBinder(), streamId); + mStreamMap.add(binder, streamId); ALOGV("%s: Camera %d: Successfully created a new stream ID %d", __FUNCTION__, mCameraId, streamId); @@ -514,7 +516,8 @@ status_t CameraDeviceClient::dump(int fd, const Vector& args) { String8 result; result.appendFormat("CameraDeviceClient[%d] (%p) dump:\n", mCameraId, - getRemoteCallback()->asBinder().get()); + (getRemoteCallback() != NULL ? + getRemoteCallback()->asBinder().get() : NULL) ); result.appendFormat(" Current client: %s (PID %d, UID %u)\n", String8(mClientPackageName).string(), mClientPid, mClientUid); diff --git a/services/camera/libcameraservice/api_pro/ProCamera2Client.cpp b/services/camera/libcameraservice/api_pro/ProCamera2Client.cpp index 2ea460f..9c8f0f4 100644 --- a/services/camera/libcameraservice/api_pro/ProCamera2Client.cpp +++ b/services/camera/libcameraservice/api_pro/ProCamera2Client.cpp @@ -334,7 +334,8 @@ status_t ProCamera2Client::dump(int fd, const Vector& args) { String8 result; result.appendFormat("ProCamera2Client[%d] (%p) PID: %d, dump:\n", mCameraId, - getRemoteCallback()->asBinder().get(), + (getRemoteCallback() != NULL ? + getRemoteCallback()->asBinder().get() : NULL), mClientPid); result.append(" State:\n"); write(fd, result.string(), result.size()); diff --git a/services/camera/libcameraservice/common/Camera2ClientBase.cpp b/services/camera/libcameraservice/common/Camera2ClientBase.cpp index d6db151..eb91bd4 100644 --- a/services/camera/libcameraservice/common/Camera2ClientBase.cpp +++ b/services/camera/libcameraservice/common/Camera2ClientBase.cpp @@ -128,7 +128,8 @@ status_t Camera2ClientBase::dump(int fd, String8 result; result.appendFormat("Camera2ClientBase[%d] (%p) PID: %d, dump:\n", TClientBase::mCameraId, - TClientBase::getRemoteCallback()->asBinder().get(), + (TClientBase::getRemoteCallback() != NULL ? + TClientBase::getRemoteCallback()->asBinder().get() : NULL), TClientBase::mClientPid); result.append(" State: "); -- cgit v1.1