Merge "CameraMetadata: Add sanity check to avoid accidental memory corruption." into mnc-dev

commit: 40c33635760fe9d5bd3df1f347381bdc215805db [log] [tgz]
author: Eino-Ville Talvala <etalvala@google.com> Mon Jul 20 22:01:39 2015 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Mon Jul 20 22:01:39 2015 +0000
tree: 61123a6385c0aba9e4a94981e955c61944de2689
parent: 94b0badc025b14141ff234e3e4e2745411742bac [diff]
parent: e2b60c810282b7cd09af8544dd479ff5adba46f0 [diff]
diff --git a/camera/CameraMetadata.cpp b/camera/CameraMetadata.cpp
index b96a88f..46bcc1d 100644
--- a/camera/CameraMetadata.cpp
+++ b/camera/CameraMetadata.cpp

@@ -289,6 +289,17 @@
         ALOGE("%s: Tag %d not found", __FUNCTION__, tag);
         return BAD_VALUE;
     }
+    // Safety check - ensure that data isn't pointing to this metadata, since
+    // that would get invalidated if a resize is needed
+    size_t bufferSize = get_camera_metadata_size(mBuffer);
+    uintptr_t bufAddr = reinterpret_cast<uintptr_t>(mBuffer);
+    uintptr_t dataAddr = reinterpret_cast<uintptr_t>(data);
+    if (dataAddr > bufAddr && dataAddr < (bufAddr + bufferSize)) {
+        ALOGE("%s: Update attempted with data from the same metadata buffer!",
+                __FUNCTION__);
+        return INVALID_OPERATION;
+    }
+
     size_t data_size = calculate_camera_metadata_entry_data_size(type,
             data_count);
commit	40c33635760fe9d5bd3df1f347381bdc215805db	[log] [tgz]
author	Eino-Ville Talvala <etalvala@google.com>	Mon Jul 20 22:01:39 2015 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Mon Jul 20 22:01:39 2015 +0000
tree	61123a6385c0aba9e4a94981e955c61944de2689
parent	94b0badc025b14141ff234e3e4e2745411742bac [diff]
parent	e2b60c810282b7cd09af8544dd479ff5adba46f0 [diff]