Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_av / 263709e7be37c7040aaef385bc5c9389a9b5f514^! / . / services / audioflinger / AudioFlinger.cpp
commit263709e7be37c7040aaef385bc5c9389a9b5f514[log] [tgz]
authorGlenn Kasten <gkasten@google.com>Fri Jan 06 08:40:01 2012 -0800
committerGlenn Kasten <gkasten@google.com>Tue Jan 17 07:45:07 2012 -0800
tree4a68796c8fe905b9924d7be1fc7192719f8a446a
parent3944e0326a286bcb931551e61e79c033b10d09d4 [diff] [blame]
Check stream type in AudioFlinger::createTrack

A bad parameter to AudioFlinger::createTrack could cause mediaserver to crash.

Other AudioFlinger stream type cleanup:
 - Simplify range check for audio_stream_type_t
 - Add comment about mStreamTypes array initialization.

Change-Id: Ia33aa1cce0fdd694b08d9288816ffc097a9543d0

diff --git a/services/audioflinger/AudioFlinger.cpp b/services/audioflinger/AudioFlinger.cpp
index d96624b..cf925b0 100644
--- a/services/audioflinger/AudioFlinger.cpp
+++ b/services/audioflinger/AudioFlinger.cpp

@@ -398,7 +398,9 @@
     status_t lStatus;
     int lSessionId;
 
-    if (streamType >= AUDIO_STREAM_CNT) {
+    // client AudioTrack::set already implements AUDIO_STREAM_DEFAULT => AUDIO_STREAM_MUSIC,
+    // but if someone uses binder directly they could bypass that and cause us to crash
+    if (uint32_t(streamType) >= AUDIO_STREAM_CNT) {
         ALOGE("createTrack() invalid stream type %d", streamType);
         lStatus = BAD_VALUE;
         goto Exit;
@@ -663,7 +665,7 @@
         return PERMISSION_DENIED;
     }
 
-    if (stream < 0 || uint32_t(stream) >= AUDIO_STREAM_CNT) {
+    if (uint32_t(stream) >= AUDIO_STREAM_CNT) {
         ALOGE("setStreamVolume() invalid stream %d", stream);
         return BAD_VALUE;
     }
@@ -697,7 +699,7 @@
         return PERMISSION_DENIED;
     }
 
-    if (stream < 0 || uint32_t(stream) >= AUDIO_STREAM_CNT ||
+    if (uint32_t(stream) >= AUDIO_STREAM_CNT ||
         uint32_t(stream) == AUDIO_STREAM_ENFORCED_AUDIBLE) {
         ALOGE("setStreamMute() invalid stream %d", stream);
         return BAD_VALUE;
@@ -713,7 +715,7 @@
 
 float AudioFlinger::streamVolume(audio_stream_type_t stream, int output) const
 {
-    if (stream < 0 || uint32_t(stream) >= AUDIO_STREAM_CNT) {
+    if (uint32_t(stream) >= AUDIO_STREAM_CNT) {
         return 0.0f;
     }
 
@@ -734,7 +736,7 @@
 
 bool AudioFlinger::streamMute(audio_stream_type_t stream) const
 {
-    if (stream < 0 || stream >= (int)AUDIO_STREAM_CNT) {
+    if (uint32_t(stream) >= AUDIO_STREAM_CNT) {
         return true;
     }
 
@@ -1386,12 +1388,14 @@
     mMasterVolume = mAudioFlinger->masterVolume_l();
     mMasterMute = mAudioFlinger->masterMute_l();
 
+    // mStreamTypes[AUDIO_STREAM_CNT] is initialized by stream_type_t default constructor
     // There is no AUDIO_STREAM_MIN, and ++ operator does not compile
     for (audio_stream_type_t stream = (audio_stream_type_t) 0; stream < AUDIO_STREAM_CNT;
             stream = (audio_stream_type_t) (stream + 1)) {
         mStreamTypes[stream].volume = mAudioFlinger->streamVolumeInternal(stream);
         mStreamTypes[stream].mute = mAudioFlinger->streamMute(stream);
-        mStreamTypes[stream].valid = true;
+        // initialized by stream_type_t default constructor
+        // mStreamTypes[stream].valid = true;
     }
 }