diff options
| author | Elliott Hughes <enh@google.com> | 2013-10-29 13:12:55 -0700 |
|---|---|---|
| committer | Elliott Hughes <enh@google.com> | 2013-10-29 13:12:55 -0700 |
| commit | c367d48c55e5a3fa0df14fd62889e4bb6b63cb01 (patch) | |
| tree | cc6a7e56e5c5e74d66603c8170660fd99c52bff3 | |
| parent | b4cae4a955ebd91cf35aaeb00ab12ce6f1d5fc48 (diff) | |
| download | frameworks_base-c367d48c55e5a3fa0df14fd62889e4bb6b63cb01.zip frameworks_base-c367d48c55e5a3fa0df14fd62889e4bb6b63cb01.tar.gz frameworks_base-c367d48c55e5a3fa0df14fd62889e4bb6b63cb01.tar.bz2 | |
Fix a variety of small publicly-reported bugs.
Possible NULL dereference in cmds/bootanimation/BootAnimation.cpp.
https://code.google.com/p/android/issues/detail?id=61556
Missing fclose in core/jni/android_os_Debug.cpp.
https://code.google.com/p/android/issues/detail?id=61546
Bad loop guards in core/jni/android_util_Process.cpp.
https://code.google.com/p/android/issues/detail?id=61557
Assignment to wrong variable in libs/androidfw/AssetManager.cpp.
https://code.google.com/p/android/issues/detail?id=61560
Missing delete[]s in libs/androidfw/ObbFile.cpp.
https://code.google.com/p/android/issues/detail?id=61549
Leaks on error in tools/aapt/Images.cpp.
https://code.google.com/p/android/issues/detail?id=61552
Two missing fclose calls in tools/aapt/Resource.cpp.
https://code.google.com/p/android/issues/detail?id=61553
Missing fclose in tools/aidl/aidl.cpp.
https://code.google.com/p/android/issues/detail?id=61554
Change-Id: I5820f3824e72d07a9acb776cf0af3e7443f5694a
| -rw-r--r-- | cmds/bootanimation/BootAnimation.cpp | 4 | ||||
| -rw-r--r-- | core/jni/android_os_Debug.cpp | 6 | ||||
| -rw-r--r-- | core/jni/android_util_Process.cpp | 14 | ||||
| -rw-r--r-- | libs/androidfw/AssetManager.cpp | 22 | ||||
| -rw-r--r-- | libs/androidfw/ObbFile.cpp | 2 | ||||
| -rw-r--r-- | tools/aapt/Images.cpp | 21 | ||||
| -rw-r--r-- | tools/aapt/Resource.cpp | 44 | ||||
| -rw-r--r-- | tools/aidl/aidl.cpp | 15 |
8 files changed, 66 insertions, 62 deletions
diff --git a/cmds/bootanimation/BootAnimation.cpp b/cmds/bootanimation/BootAnimation.cpp index 8511735..cc49cf3 100644 --- a/cmds/bootanimation/BootAnimation.cpp +++ b/cmds/bootanimation/BootAnimation.cpp @@ -159,8 +159,8 @@ status_t BootAnimation::initTexture(void* buffer, size_t len) SkBitmap bitmap; SkMemoryStream stream(buffer, len); SkImageDecoder* codec = SkImageDecoder::Factory(&stream); - codec->setDitherImage(false); if (codec) { + codec->setDitherImage(false); codec->decode(&stream, &bitmap, SkBitmap::kARGB_8888_Config, SkImageDecoder::kDecodePixels_Mode); @@ -270,7 +270,7 @@ status_t BootAnimation::readyToRun() { mAndroidAnimation = true; - // If the device has encryption turned on or is in process + // If the device has encryption turned on or is in process // of being encrypted we show the encrypted boot animation. char decrypt[PROPERTY_VALUE_MAX]; property_get("vold.decrypt", decrypt, ""); diff --git a/core/jni/android_os_Debug.cpp b/core/jni/android_os_Debug.cpp index 2883c10..7720389 100644 --- a/core/jni/android_os_Debug.cpp +++ b/core/jni/android_os_Debug.cpp @@ -335,6 +335,7 @@ static jint read_binder_stat(const char* stat) // loop until we have the block that represents this process do { if (fgets(line, 1024, fp) == 0) { + fclose(fp); return -1; } } while (strncmp(compare, line, len)); @@ -344,13 +345,16 @@ static jint read_binder_stat(const char* stat) do { if (fgets(line, 1024, fp) == 0) { + fclose(fp); return -1; } } while (strncmp(compare, line, len)); // we have the line, now increment the line ptr to the value char* ptr = line + len; - return atoi(ptr); + jint result = atoi(ptr); + fclose(fp); + return result; } static jint android_os_Debug_getBinderSentTransactions(JNIEnv *env, jobject clazz) diff --git a/core/jni/android_util_Process.cpp b/core/jni/android_util_Process.cpp index 607c429..43a5859 100644 --- a/core/jni/android_util_Process.cpp +++ b/core/jni/android_util_Process.cpp @@ -395,7 +395,7 @@ static int pid_compare(const void* v1, const void* v2) return *((const jint*)v1) - *((const jint*)v2); } -static jlong getFreeMemoryImpl(const char* const sums[], const int sumsLen[], int num) +static jlong getFreeMemoryImpl(const char* const sums[], const size_t sumsLen[], size_t num) { int fd = open("/proc/meminfo", O_RDONLY); @@ -414,7 +414,7 @@ static jlong getFreeMemoryImpl(const char* const sums[], const int sumsLen[], in } buffer[len] = 0; - int numFound = 0; + size_t numFound = 0; jlong mem = 0; char* p = buffer; @@ -446,14 +446,14 @@ static jlong getFreeMemoryImpl(const char* const sums[], const int sumsLen[], in static jlong android_os_Process_getFreeMemory(JNIEnv* env, jobject clazz) { static const char* const sums[] = { "MemFree:", "Cached:", NULL }; - static const int sumsLen[] = { strlen("MemFree:"), strlen("Cached:"), 0 }; + static const size_t sumsLen[] = { strlen("MemFree:"), strlen("Cached:"), 0 }; return getFreeMemoryImpl(sums, sumsLen, 2); } static jlong android_os_Process_getTotalMemory(JNIEnv* env, jobject clazz) { static const char* const sums[] = { "MemTotal:", NULL }; - static const int sumsLen[] = { strlen("MemTotal:"), 0 }; + static const size_t sumsLen[] = { strlen("MemTotal:"), 0 }; return getFreeMemoryImpl(sums, sumsLen, 1); } @@ -711,13 +711,13 @@ jboolean android_os_Process_parseProcLineArray(JNIEnv* env, jobject clazz, jsize end = -1; if ((mode&PROC_PARENS) != 0) { - while (buffer[i] != ')' && i < endIndex) { + while (i < endIndex && buffer[i] != ')') { i++; } end = i; i++; } - while (buffer[i] != term && i < endIndex) { + while (i < endIndex && buffer[i] != term) { i++; } if (end < 0) { @@ -727,7 +727,7 @@ jboolean android_os_Process_parseProcLineArray(JNIEnv* env, jobject clazz, if (i < endIndex) { i++; if ((mode&PROC_COMBINE) != 0) { - while (buffer[i] == term && i < endIndex) { + while (i < endIndex && buffer[i] == term) { i++; } } diff --git a/libs/androidfw/AssetManager.cpp b/libs/androidfw/AssetManager.cpp index b08c36b..9156725 100644 --- a/libs/androidfw/AssetManager.cpp +++ b/libs/androidfw/AssetManager.cpp @@ -431,7 +431,7 @@ void AssetManager::setLocaleLocked(const char* locale) delete[] mLocale; } mLocale = strdupNew(locale); - + updateResourceParamsLocked(); } @@ -674,7 +674,7 @@ const ResTable* AssetManager::getResTable(bool required) const mZipSet.setZipResourceTableAsset(ap.path, ass); } } - + if (i == 0 && ass != NULL) { // If this is the first resource table in the asset // manager, then we are going to cache it so that we @@ -688,7 +688,7 @@ const ResTable* AssetManager::getResTable(bool required) const } } else { ALOGV("loading resource table %s\n", ap.path.string()); - Asset* ass = const_cast<AssetManager*>(this)-> + ass = const_cast<AssetManager*>(this)-> openNonAssetInPathLocked("resources.arsc", Asset::ACCESS_BUFFER, ap); @@ -890,7 +890,7 @@ Asset* AssetManager::openInLocaleVendorLocked(const char* fileName, AccessMode m /* look at the filesystem on disk */ String8 path(createPathNameLocked(ap, locale, vendor)); path.appendPath(fileName); - + String8 excludeName(path); excludeName.append(kExcludeExtension); if (::getFileType(excludeName.string()) != kFileTypeNonexistent) { @@ -898,28 +898,28 @@ Asset* AssetManager::openInLocaleVendorLocked(const char* fileName, AccessMode m //printf("+++ excluding '%s'\n", (const char*) excludeName); return kExcludedAsset; } - + pAsset = openAssetFromFileLocked(path, mode); - + if (pAsset == NULL) { /* try again, this time with ".gz" */ path.append(".gz"); pAsset = openAssetFromFileLocked(path, mode); } - + if (pAsset != NULL) pAsset->setAssetSource(path); } else { /* find in cache */ String8 path(createPathNameLocked(ap, locale, vendor)); path.appendPath(fileName); - + AssetDir::FileInfo tmpInfo; bool found = false; - + String8 excludeName(path); excludeName.append(kExcludeExtension); - + if (mCache.indexOf(excludeName) != NAME_NOT_FOUND) { /* go no farther */ //printf("+++ Excluding '%s'\n", (const char*) excludeName); @@ -1738,7 +1738,7 @@ bool AssetManager::fncScanAndMergeDirLocked( // XXX This is broken -- the filename cache needs to hold the base // asset path separately from its filename. - + partialPath = createPathNameLocked(ap, locale, vendor); if (dirName[0] != '\0') { partialPath.appendPath(dirName); diff --git a/libs/androidfw/ObbFile.cpp b/libs/androidfw/ObbFile.cpp index 21e06c8..ec59f06 100644 --- a/libs/androidfw/ObbFile.cpp +++ b/libs/androidfw/ObbFile.cpp @@ -133,7 +133,7 @@ bool ObbFile::parseObbFile(int fd) { lseek64(fd, fileLength - kFooterTagSize, SEEK_SET); - char *footer = new char[kFooterTagSize]; + char footer[kFooterTagSize]; actual = TEMP_FAILURE_RETRY(read(fd, footer, kFooterTagSize)); if (actual != kFooterTagSize) { ALOGW("couldn't read footer signature: %s\n", strerror(errno)); diff --git a/tools/aapt/Images.cpp b/tools/aapt/Images.cpp index b2cbf49..25a948d 100644 --- a/tools/aapt/Images.cpp +++ b/tools/aapt/Images.cpp @@ -452,10 +452,11 @@ static status_t do_9patch(const char* imageName, image_info* image) int maxSizeXDivs = W * sizeof(int32_t); int maxSizeYDivs = H * sizeof(int32_t); - int32_t* xDivs = (int32_t*) malloc(maxSizeXDivs); - int32_t* yDivs = (int32_t*) malloc(maxSizeYDivs); - uint8_t numXDivs = 0; - uint8_t numYDivs = 0; + int32_t* xDivs = image->info9Patch.xDivs = (int32_t*) malloc(maxSizeXDivs); + int32_t* yDivs = image->info9Patch.yDivs = (int32_t*) malloc(maxSizeYDivs); + uint8_t numXDivs = 0; + uint8_t numYDivs = 0; + int8_t numColors; int numRows; int numCols; @@ -510,6 +511,10 @@ static status_t do_9patch(const char* imageName, image_info* image) goto getout; } + // Copy patch size data into image... + image->info9Patch.numXDivs = numXDivs; + image->info9Patch.numYDivs = numYDivs; + // Find left and right of padding area... if (get_horizontal_ticks(image->rows[H-1], W, transparent, false, &image->info9Patch.paddingLeft, &image->info9Patch.paddingRight, &errorMsg, NULL, false) != NO_ERROR) { @@ -545,12 +550,6 @@ static status_t do_9patch(const char* imageName, image_info* image) image->layoutBoundsRight, image->layoutBoundsBottom)); } - // Copy patch data into image - image->info9Patch.numXDivs = numXDivs; - image->info9Patch.numYDivs = numYDivs; - image->info9Patch.xDivs = xDivs; - image->info9Patch.yDivs = yDivs; - // If padding is not yet specified, take values from size. if (image->info9Patch.paddingLeft < 0) { image->info9Patch.paddingLeft = xDivs[0]; @@ -957,7 +956,7 @@ static void analyze_image(const char *imageName, image_info &imageInfo, int gray gg = *row++; bb = *row++; aa = *row++; - + if (isGrayscale) { *out++ = rr; } else { diff --git a/tools/aapt/Resource.cpp b/tools/aapt/Resource.cpp index 6168bbd..490d8e6 100644 --- a/tools/aapt/Resource.cpp +++ b/tools/aapt/Resource.cpp @@ -468,7 +468,7 @@ static int validateAttr(const String8& path, const ResTable& table, value.data); return ATTR_NOT_FOUND; } - + pool = table.getTableStringBlock(strIdx); #if 0 if (pool != NULL) { @@ -704,7 +704,7 @@ bool addTagAttribute(const sp<XMLNode>& node, const char* ns8, // don't stop the build. return true; } - + node->addAttribute(ns, attr, String16(value)); return true; } @@ -755,7 +755,7 @@ status_t massageManifest(Bundle* bundle, sp<XMLNode> root) bundle->getVersionName(), errorOnFailedInsert)) { return UNKNOWN_ERROR; } - + if (bundle->getMinSdkVersion() != NULL || bundle->getTargetSdkVersion() != NULL || bundle->getMaxSdkVersion() != NULL) { @@ -764,7 +764,7 @@ status_t massageManifest(Bundle* bundle, sp<XMLNode> root) vers = XMLNode::newElement(root->getFilename(), String16(), String16("uses-sdk")); root->insertChildAt(vers, 0); } - + if (!addTagAttribute(vers, RESOURCES_ANDROID_NAMESPACE, "minSdkVersion", bundle->getMinSdkVersion(), errorOnFailedInsert)) { return UNKNOWN_ERROR; @@ -839,7 +839,7 @@ status_t massageManifest(Bundle* bundle, sp<XMLNode> root) } } } - + return NO_ERROR; } @@ -923,7 +923,7 @@ status_t buildResources(Bundle* bundle, const sp<AaptAssets>& assets) // -------------------------------------------------------------- // resType -> leafName -> group - KeyedVector<String8, sp<ResourceTypeSet> > *resources = + KeyedVector<String8, sp<ResourceTypeSet> > *resources = new KeyedVector<String8, sp<ResourceTypeSet> >; collect_files(assets, resources); @@ -953,7 +953,7 @@ status_t buildResources(Bundle* bundle, const sp<AaptAssets>& assets) // now go through any resource overlays and collect their files sp<AaptAssets> current = assets->getOverlay(); while(current.get()) { - KeyedVector<String8, sp<ResourceTypeSet> > *resources = + KeyedVector<String8, sp<ResourceTypeSet> > *resources = new KeyedVector<String8, sp<ResourceTypeSet> >; current->setResources(resources); collect_files(current, resources); @@ -1048,7 +1048,7 @@ status_t buildResources(Bundle* bundle, const sp<AaptAssets>& assets) // compile resources current = assets; while(current.get()) { - KeyedVector<String8, sp<ResourceTypeSet> > *resources = + KeyedVector<String8, sp<ResourceTypeSet> > *resources = current->getResources(); ssize_t index = resources->indexOfKey(String8("values")); @@ -1057,7 +1057,7 @@ status_t buildResources(Bundle* bundle, const sp<AaptAssets>& assets) ssize_t res; while ((res=it.next()) == NO_ERROR) { sp<AaptFile> file = it.getFile(); - res = compileResourceFile(bundle, assets, file, it.getParams(), + res = compileResourceFile(bundle, assets, file, it.getParams(), (current!=assets), &table); if (res != NO_ERROR) { hasErrors = true; @@ -1227,7 +1227,7 @@ status_t buildResources(Bundle* bundle, const sp<AaptAssets>& assets) if (table.validateLocalizations()) { hasErrors = true; } - + if (hasErrors) { return UNKNOWN_ERROR; } @@ -1260,7 +1260,7 @@ status_t buildResources(Bundle* bundle, const sp<AaptAssets>& assets) ResTable finalResTable; sp<AaptFile> resFile; - + if (table.hasResources()) { sp<AaptSymbols> symbols = assets->getSymbolsFor(String8("R")); err = table.addSymbols(symbols); @@ -1292,10 +1292,10 @@ status_t buildResources(Bundle* bundle, const sp<AaptAssets>& assets) table.writePublicDefinitions(String16(assets->getPackage()), fp); fclose(fp); } - + // Read resources back in, finalResTable.add(resFile->getData(), resFile->getSize(), NULL); - + #if 0 NOISY( printf("Generated resources:\n"); @@ -1303,7 +1303,7 @@ status_t buildResources(Bundle* bundle, const sp<AaptAssets>& assets) ) #endif } - + // Perform a basic validation of the manifest file. This time we // parse it with the comments intact, so that we can use them to // generate java docs... so we are not going to write this one @@ -1398,7 +1398,7 @@ status_t buildResources(Bundle* bundle, const sp<AaptAssets>& assets) ssize_t index = block.indexOfAttribute(RESOURCES_ANDROID_NAMESPACE, "name"); const uint16_t* id = block.getAttributeStringValue(index, &len); if (id == NULL) { - fprintf(stderr, "%s:%d: missing name attribute in element <%s>.\n", + fprintf(stderr, "%s:%d: missing name attribute in element <%s>.\n", manifestPath.string(), block.getLineNumber(), String8(block.getElementName(&len)).string()); hasErrors = true; @@ -1556,7 +1556,7 @@ status_t buildResources(Bundle* bundle, const sp<AaptAssets>& assets) return err; } } - + return err; } @@ -1678,7 +1678,7 @@ static status_t writeLayoutClasses( NA = idents.size(); bool deprecated = false; - + String16 comment = symbols->getComment(realClassName); fprintf(fp, "%s/** ", indentStr); if (comment.size() > 0) { @@ -1761,7 +1761,7 @@ static status_t writeLayoutClasses( if (deprecated) { fprintf(fp, "%s@Deprecated\n", indentStr); } - + fprintf(fp, "%spublic static final int[] %s = {\n" "%s", @@ -1806,9 +1806,9 @@ static status_t writeLayoutClasses( //printf("%s:%s/%s: 0x%08x\n", String8(package16).string(), // String8(attr16).string(), String8(name16).string(), typeSpecFlags); const bool pub = (typeSpecFlags&ResTable_typeSpec::SPEC_PUBLIC) != 0; - + bool deprecated = false; - + fprintf(fp, "%s/**\n", indentStr); if (comment.size() > 0) { String8 cmt(comment); @@ -2193,10 +2193,10 @@ status_t writeResourceSymbols(Bundle* bundle, const sp<AaptAssets>& assets, status_t err = writeSymbolClass(fp, assets, includePrivate, symbols, className, 0, bundle->getNonConstantId()); + fclose(fp); if (err != NO_ERROR) { return err; } - fclose(fp); if (textSymbolsDest != NULL && R == className) { String8 textDest(textSymbolsDest); @@ -2215,10 +2215,10 @@ status_t writeResourceSymbols(Bundle* bundle, const sp<AaptAssets>& assets, status_t err = writeTextSymbolClass(fp, assets, includePrivate, symbols, className); + fclose(fp); if (err != NO_ERROR) { return err; } - fclose(fp); } // If we were asked to generate a dependency file, we'll go ahead and add this R.java diff --git a/tools/aidl/aidl.cpp b/tools/aidl/aidl.cpp index 071a8d7..b5c3da9 100644 --- a/tools/aidl/aidl.cpp +++ b/tools/aidl/aidl.cpp @@ -207,7 +207,7 @@ check_filename(const char* filename, const char* package, buffer_type* name) p = strchr(name->data, '.'); len = p ? p-name->data : strlen(name->data); expected.append(name->data, len); - + expected += ".aidl"; len = fn.length(); @@ -473,7 +473,7 @@ check_method(const char* filename, int kind, method_type* m) err = 1; goto next; } - + if (!(kind == INTERFACE_TYPE_BINDER ? t->CanWriteToParcel() : t->CanWriteToRpcData())) { fprintf(stderr, "%s:%d parameter %d: '%s %s' can't be marshalled.\n", filename, m->type.type.lineno, index, @@ -536,7 +536,7 @@ check_method(const char* filename, int kind, method_type* m) filename, m->name.lineno, index, arg->name.data); err = 1; } - + next: index++; arg = arg->next; @@ -787,7 +787,7 @@ parse_preprocessed_file(const string& filename) //printf("%s:%d:...%s...%s...%s...\n", filename.c_str(), lineno, // type, packagename, classname); document_item_type* doc; - + if (0 == strcmp("parcelable", type)) { user_data_type* parcl = (user_data_type*)malloc( sizeof(user_data_type)); @@ -837,6 +837,7 @@ parse_preprocessed_file(const string& filename) else { fprintf(stderr, "%s:%d: bad type in line: %s\n", filename.c_str(), lineno, line); + fclose(f); return 1; } err = gather_types(filename.c_str(), doc); @@ -1093,13 +1094,13 @@ preprocess_aidl(const Options& options) } // write preprocessed file - int fd = open( options.outputFileName.c_str(), + int fd = open( options.outputFileName.c_str(), O_RDWR|O_CREAT|O_TRUNC|O_BINARY, #ifdef HAVE_MS_C_RUNTIME _S_IREAD|_S_IWRITE); -#else +#else S_IRUSR|S_IWUSR|S_IRGRP); -#endif +#endif if (fd == -1) { fprintf(stderr, "aidl: could not open file for write: %s\n", options.outputFileName.c_str()); |