authorKonstantinos Menychtas <kmenychtas@google.com>2015-07-17 15:52:33 -0700
committerKonstantinos Menychtas <kmenychtas@google.com>2015-07-21 16:56:47 +0000
commit5830261a467cbb73e6b8be906d7f29f1af23cdcb (patch)
tree0e593aaadf3a4cf6a18be079caaeed2fde316973
parentd81668725d81d6b3020b08e6fbc72acf3dc1c0c8 (diff)
downloadsdk-5830261a467cbb73e6b8be906d7f29f1af23cdcb.zip
sdk-5830261a467cbb73e6b8be906d7f29f1af23cdcb.tar.gz
sdk-5830261a467cbb73e6b8be906d7f29f1af23cdcb.tar.bz2
DO NOT MERGE opengl: Fix QemuPipeStream::readFully reading beyond end of buffer
--- This is a back-port of AOSP change 4a7e93da by Yu Ning; the description of the original patch follows below --- When GPU emulation is enabled, the emulator sometimes freezes, with an error message in logcat similar to the following: QemuPipeStream::readFully failed (buf 0x7f9cd8ab8000): Bad address Some users have reported the same issue, e.g.: https://code.google.com/p/android/issues/detail?id=170633 The root cause is that QemuPipeStream::readFully(void *buf, size_t len) may attempt to read beyond (buf + len), resulting in a -EFAULT return value from the goldfish/qemu pipe driver. Fix this bug to improve the stability of the emulator. In addition, - Add more information to the said error message to facilitate future debugging. - Use "%zu" instead of "%d" for logging size_t variables. Change-Id: I8785fee0427fd6c0f25237470b346e769a82c992 Signed-off-by: Yu Ning <yu.ning@intel.com> Signed-off-by: Pengcheng Chen <pengcheng.chen@intel.com>
-rw-r--r--emulator/opengl/system/OpenglSystemCommon/QemuPipeStream.cpp10
1 files changed, 6 insertions, 4 deletions
diff --git a/emulator/opengl/system/OpenglSystemCommon/QemuPipeStream.cpp b/emulator/opengl/system/OpenglSystemCommon/QemuPipeStream.cpp
index 5798370..3a53161 100644
--- a/emulator/opengl/system/OpenglSystemCommon/QemuPipeStream.cpp
+++ b/emulator/opengl/system/OpenglSystemCommon/QemuPipeStream.cpp
@@ -122,12 +122,14 @@ const unsigned char *QemuPipeStream::readFully(void *buf, size_t len)
//DBG(">> QemuPipeStream::readFully %d\n", len);
if (!valid()) return NULL;
if (!buf) {
- if (len>0) ERR("QemuPipeStream::readFully failed, buf=NULL, len %d", len);
+ if (len > 0) {
+ ERR("QemuPipeStream::readFully failed, buf=NULL, len %zu", len);
+ }
return NULL; // do not allow NULL buf in that implementation
}
size_t res = len;
while (res > 0) {
- ssize_t stat = ::read(m_sock, (char *)(buf) + len - res, len);
+ ssize_t stat = ::read(m_sock, (char *)(buf) + len - res, res);
if (stat == 0) {
// client shutdown;
return NULL;
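Review bot: The corrected `::read` call in the loop should carry a comment stating the bound it now relies on, because nothing else in the function records why the count must be `res` rather than `len`. With the old argument, a partial read was followed by a request for more bytes than remained, so the driver could be asked to write past `buf + len`; that surfaces as `Bad address` only when the memory after the buffer is unmapped, and would presumably overwrite adjacent data otherwise. A line such as `// res = bytes still missing; never request more, or read() can write past buf + len` above the call would protect the fix from later edits. The commented-out `DBG` at the top of the hunk still formats `len` with `%d` and could move to `%zu` in the same pass. readFully's body continues outside the hunk.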
@@ -135,8 +137,8 @@ const unsigned char *QemuPipeStream::readFully(void *buf, size_t len)
if (errno == EINTR) {
continue;
} else {
- ERR("QemuPipeStream::readFully failed (buf %p): %s\n",
- buf, strerror(errno));
+ ERR("QemuPipeStream::readFully failed (buf %p, len %zu"
+ ", res %zu): %s\n", buf, len, res, strerror(errno));
return NULL;
}
} else {
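Review bot: The format string in the new `ERR` call is split in the middle of the message (`"... len %zu"` followed by `", res %zu): %s\n"`), so searching the tree for the text seen in logcat will not land on this line. Keeping the literal whole and wrapping the arguments instead avoids that: `ERR("QemuPipeStream::readFully failed (buf %p, len %zu, res %zu): %s\n",` followed by `buf, len, res, strerror(errno));`. The enclosing error branch starts above the hunk and the function continues below it.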