From 5830261a467cbb73e6b8be906d7f29f1af23cdcb Mon Sep 17 00:00:00 2001
From: Konstantinos Menychtas
Date: Fri, 17 Jul 2015 15:52:33 -0700
Subject: DO NOT MERGE opengl: Fix QemuPipeStream::readFully reading beyond end of buffer
---
This is a back-port of AOSP change 4a7e93da by Yu Ning; the description of the original patch follows below
---
When GPU emulation is enabled, the emulator sometimes freezes, with an error message in logcat similar to the following:
QemuPipeStream::readFully failed (buf 0x7f9cd8ab8000): Bad address
Some users have reported the same issue, e.g.:
https://code.google.com/p/android/issues/detail?id=170633
The root cause is that QemuPipeStream::readFully(void *buf, size_t len) may attempt to read beyond (buf + len), resulting in a -EFAULT return value from the goldfish/qemu pipe driver. Fix this bug to improve the stability of the emulator.
In addition,
- Add more information to the said error message to facilitate future debugging.
- Use "%zu" instead of "%d" for logging size_t variables.
Change-Id: I8785fee0427fd6c0f25237470b346e769a82c992
Signed-off-by: Yu Ning
Signed-off-by: Pengcheng Chen
---
 emulator/opengl/system/OpenglSystemCommon/QemuPipeStream.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/emulator/opengl/system/OpenglSystemCommon/QemuPipeStream.cpp b/emulator/opengl/system/OpenglSystemCommon/QemuPipeStream.cpp
index 5798370..3a53161 100644
--- a/emulator/opengl/system/OpenglSystemCommon/QemuPipeStream.cpp
+++ b/emulator/opengl/system/OpenglSystemCommon/QemuPipeStream.cpp
@@ -122,12 +122,14 @@ const unsigned char *QemuPipeStream::readFully(void *buf, size_t len)
 //DBG(">> QemuPipeStream::readFully %d\n", len);
 if (!valid()) return NULL;
 if (!buf) {
- if (len>0) ERR("QemuPipeStream::readFully failed, buf=NULL, len %d", len);
+ if (len > 0) {
+ ERR("QemuPipeStream::readFully failed, buf=NULL, len %zu", len);
+ }
 return NULL; // do not allow NULL buf in that implementation
 }
 size_t res = len;
 while (res > 0) {
- ssize_t stat = ::read(m_sock, (char *)(buf) + len - res, len);
+ ssize_t stat = ::read(m_sock, (char *)(buf) + len - res, res);
 if (stat == 0) {
 // client shutdown;
 return NULL;
@@ -135,8 +137,8 @@ const unsigned char *QemuPipeStream::readFully(void *buf, size_t len)
 if (errno == EINTR) {
 continue;
 } else {
- ERR("QemuPipeStream::readFully failed (buf %p): %s\n",
- buf, strerror(errno));
+ ERR("QemuPipeStream::readFully failed (buf %p, len %zu"
+ ", res %zu): %s\n", buf, len, res, strerror(errno));
 return NULL;
 }
 } else {
-- cgit v1.1
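Review bot: The commented-out trace on the first context line, `//DBG(">> QemuPipeStream::readFully %d\n", len);`, still pairs `%d` with a `size_t`, so the `%zu` clean-up this commit makes on the two ERR calls would be undone the moment someone re-enables it; change it to `//DBG(">> QemuPipeStream::readFully %zu\n", len);` while the file is being touched. The corrected `::read(..., res)` call is right, but the loop returns NULL after some bytes may already have been copied into `buf` (the `stat == 0` path here and the error path in the next hunk), which is fine for an all-or-nothing read but deserves a line above `while (res > 0)`: `// On any failure NULL is returned; buf may be partially written and the pipe is not resynchronised.` readFully's body continues past the end of this hunk, so the success path that presumably decrements `res` is not visible here.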
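Review bot: The enlarged message on the two `+` lines still writes the raw buffer address to the log through `%p`; for diagnosing a bounds problem the bytes already consumed say as much as the pointer, and a heap or mmap address in logcat is an ASLR hint that is better kept out of a system library even though this one only runs under the emulator. Consider `ERR("QemuPipeStream::readFully failed (len %zu, read %zu, res %zu): %s\n", len, len - res, res, strerror(errno));` instead, which keeps the `%zu`/`size_t` pairing the commit introduces. The `if`/`else` that routes a failed read into this branch begins before the hunk, so whether an errno other than EINTR (for instance EAGAIN on a non-blocking descriptor) is ever expected here cannot be judged from what is shown.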