Merge "CameraMetadata: Add sanity check to avoid accidental memory corruption." into mnc-dev
diff --git a/include/media/IResourceManagerService.h b/include/media/IResourceManagerService.h
index 067392c..1e4f6de 100644
--- a/include/media/IResourceManagerService.h
+++ b/include/media/IResourceManagerService.h
@@ -43,7 +43,7 @@
const sp<IResourceManagerClient> client,
const Vector<MediaResource> &resources) = 0;
- virtual void removeResource(int64_t clientId) = 0;
+ virtual void removeResource(int pid, int64_t clientId) = 0;
virtual bool reclaimResource(
int callingPid,
diff --git a/include/media/stagefright/MediaCodec.h b/include/media/stagefright/MediaCodec.h
index 09cbe8f..b621b9c 100644
--- a/include/media/stagefright/MediaCodec.h
+++ b/include/media/stagefright/MediaCodec.h
@@ -260,18 +260,18 @@
virtual void binderDied(const wp<IBinder>& /*who*/);
void addResource(
- int pid,
int64_t clientId,
const sp<IResourceManagerClient> client,
const Vector<MediaResource> &resources);
void removeResource(int64_t clientId);
- bool reclaimResource(int callingPid, const Vector<MediaResource> &resources);
+ bool reclaimResource(const Vector<MediaResource> &resources);
private:
Mutex mLock;
sp<IResourceManagerService> mService;
+ int mPid;
};
State mState;
@@ -299,6 +299,7 @@
bool mIsVideo;
int32_t mVideoWidth;
int32_t mVideoHeight;
+ int32_t mRotationDegrees;
// initial create parameters
AString mInitName;
diff --git a/media/libmedia/IResourceManagerService.cpp b/media/libmedia/IResourceManagerService.cpp
index 6902e99..4598686 100644
--- a/media/libmedia/IResourceManagerService.cpp
+++ b/media/libmedia/IResourceManagerService.cpp
@@ -85,9 +85,10 @@
remote()->transact(ADD_RESOURCE, data, &reply);
}
- virtual void removeResource(int64_t clientId) {
+ virtual void removeResource(int pid, int64_t clientId) {
Parcel data, reply;
data.writeInterfaceToken(IResourceManagerService::getInterfaceDescriptor());
+ data.writeInt32(pid);
data.writeInt64(clientId);
remote()->transact(REMOVE_RESOURCE, data, &reply);
@@ -139,8 +140,9 @@
case REMOVE_RESOURCE: {
CHECK_INTERFACE(IResourceManagerService, data, reply);
+ int pid = data.readInt32();
int64_t clientId = data.readInt64();
- removeResource(clientId);
+ removeResource(pid, clientId);
return NO_ERROR;
} break;
diff --git a/media/libstagefright/MediaCodec.cpp b/media/libstagefright/MediaCodec.cpp
index fb32d3a..b444687 100644
--- a/media/libstagefright/MediaCodec.cpp
+++ b/media/libstagefright/MediaCodec.cpp
@@ -54,10 +54,6 @@
namespace android {
-static inline int getCallingPid() {
- return IPCThreadState::self()->getCallingPid();
-}
-
static int64_t getId(sp<IResourceManagerClient> client) {
return (int64_t) client.get();
}
@@ -108,7 +104,8 @@
DISALLOW_EVIL_CONSTRUCTORS(ResourceManagerClient);
};
-MediaCodec::ResourceManagerServiceProxy::ResourceManagerServiceProxy() {
+MediaCodec::ResourceManagerServiceProxy::ResourceManagerServiceProxy()
+ : mPid(IPCThreadState::self()->getCallingPid()) {
}
MediaCodec::ResourceManagerServiceProxy::~ResourceManagerServiceProxy() {
@@ -135,7 +132,6 @@
}
void MediaCodec::ResourceManagerServiceProxy::addResource(
- int pid,
int64_t clientId,
const sp<IResourceManagerClient> client,
const Vector<MediaResource> &resources) {
@@ -143,7 +139,7 @@
if (mService == NULL) {
return;
}
- mService->addResource(pid, clientId, client, resources);
+ mService->addResource(mPid, clientId, client, resources);
}
void MediaCodec::ResourceManagerServiceProxy::removeResource(int64_t clientId) {
@@ -151,16 +147,16 @@
if (mService == NULL) {
return;
}
- mService->removeResource(clientId);
+ mService->removeResource(mPid, clientId);
}
bool MediaCodec::ResourceManagerServiceProxy::reclaimResource(
- int callingPid, const Vector<MediaResource> &resources) {
+ const Vector<MediaResource> &resources) {
Mutex::Autolock _l(mLock);
if (mService == NULL) {
return false;
}
- return mService->reclaimResource(callingPid, resources);
+ return mService->reclaimResource(mPid, resources);
}
// static
@@ -251,6 +247,7 @@
mIsVideo(false),
mVideoWidth(0),
mVideoHeight(0),
+ mRotationDegrees(0),
mDequeueInputTimeoutGeneration(0),
mDequeueInputReplyID(0),
mDequeueOutputTimeoutGeneration(0),
@@ -375,7 +372,7 @@
for (int i = 0; i <= kMaxRetry; ++i) {
if (i > 0) {
// Don't try to reclaim resource for the first time.
- if (!mResourceManagerService->reclaimResource(getCallingPid(), resources)) {
+ if (!mResourceManagerService->reclaimResource(resources)) {
break;
}
}
@@ -413,6 +410,9 @@
if (mIsVideo) {
format->findInt32("width", &mVideoWidth);
format->findInt32("height", &mVideoHeight);
+ if (!format->findInt32("rotation-degrees", &mRotationDegrees)) {
+ mRotationDegrees = 0;
+ }
}
msg->setMessage("format", format);
@@ -438,7 +438,7 @@
for (int i = 0; i <= kMaxRetry; ++i) {
if (i > 0) {
// Don't try to reclaim resource for the first time.
- if (!mResourceManagerService->reclaimResource(getCallingPid(), resources)) {
+ if (!mResourceManagerService->reclaimResource(resources)) {
break;
}
}
@@ -517,7 +517,7 @@
Vector<MediaResource> resources;
resources.push_back(MediaResource(type, subtype, value));
mResourceManagerService->addResource(
- getCallingPid(), getId(mResourceManagerClient), mResourceManagerClient, resources);
+ getId(mResourceManagerClient), mResourceManagerClient, resources);
}
status_t MediaCodec::start() {
@@ -535,7 +535,7 @@
for (int i = 0; i <= kMaxRetry; ++i) {
if (i > 0) {
// Don't try to reclaim resource for the first time.
- if (!mResourceManagerService->reclaimResource(getCallingPid(), resources)) {
+ if (!mResourceManagerService->reclaimResource(resources)) {
break;
}
// Recover codec from previous error before retry start.
@@ -1313,7 +1313,7 @@
CHECK(msg->findString("mime", &mime));
if (mime.startsWithIgnoreCase("video/")) {
- mSoftRenderer = new SoftwareRenderer(mSurface);
+ mSoftRenderer = new SoftwareRenderer(mSurface, mRotationDegrees);
}
}
diff --git a/media/libstagefright/colorconversion/SoftwareRenderer.cpp b/media/libstagefright/colorconversion/SoftwareRenderer.cpp
index d22451b..e92c192 100644
--- a/media/libstagefright/colorconversion/SoftwareRenderer.cpp
+++ b/media/libstagefright/colorconversion/SoftwareRenderer.cpp
@@ -38,7 +38,8 @@
return (x + y - 1) & ~(y - 1);
}
-SoftwareRenderer::SoftwareRenderer(const sp<ANativeWindow> &nativeWindow)
+SoftwareRenderer::SoftwareRenderer(
+ const sp<ANativeWindow> &nativeWindow, int32_t rotation)
: mColorFormat(OMX_COLOR_FormatUnused),
mConverter(NULL),
mYUVMode(None),
@@ -50,7 +51,8 @@
mCropRight(0),
mCropBottom(0),
mCropWidth(0),
- mCropHeight(0) {
+ mCropHeight(0),
+ mRotationDegrees(rotation) {
}
SoftwareRenderer::~SoftwareRenderer() {
@@ -181,7 +183,7 @@
int32_t rotationDegrees;
if (!format->findInt32("rotation-degrees", &rotationDegrees)) {
- rotationDegrees = 0;
+ rotationDegrees = mRotationDegrees;
}
uint32_t transform;
switch (rotationDegrees) {
diff --git a/media/libstagefright/foundation/ABuffer.cpp b/media/libstagefright/foundation/ABuffer.cpp
index b214870..a5b81a8 100644
--- a/media/libstagefright/foundation/ABuffer.cpp
+++ b/media/libstagefright/foundation/ABuffer.cpp
@@ -25,12 +25,17 @@
ABuffer::ABuffer(size_t capacity)
: mMediaBufferBase(NULL),
- mData(malloc(capacity)),
- mCapacity(capacity),
mRangeOffset(0),
- mRangeLength(capacity),
mInt32Data(0),
mOwnsData(true) {
+ mData = malloc(capacity);
+ if (mData == NULL) {
+ mCapacity = 0;
+ mRangeLength = 0;
+ } else {
+ mCapacity = capacity;
+ mRangeLength = capacity;
+ }
}
ABuffer::ABuffer(void *data, size_t capacity)
@@ -47,6 +52,9 @@
sp<ABuffer> ABuffer::CreateAsCopy(const void *data, size_t capacity)
{
sp<ABuffer> res = new ABuffer(capacity);
+ if (res->base() == NULL) {
+ return NULL;
+ }
memcpy(res->data(), data, capacity);
return res;
}
diff --git a/media/libstagefright/include/SoftwareRenderer.h b/media/libstagefright/include/SoftwareRenderer.h
index 9e652d5..757b308 100644
--- a/media/libstagefright/include/SoftwareRenderer.h
+++ b/media/libstagefright/include/SoftwareRenderer.h
@@ -31,7 +31,8 @@
class SoftwareRenderer {
public:
- explicit SoftwareRenderer(const sp<ANativeWindow> &nativeWindow);
+ explicit SoftwareRenderer(
+ const sp<ANativeWindow> &nativeWindow, int32_t rotation = 0);
~SoftwareRenderer();
@@ -52,6 +53,7 @@
int32_t mWidth, mHeight;
int32_t mCropLeft, mCropTop, mCropRight, mCropBottom;
int32_t mCropWidth, mCropHeight;
+ int32_t mRotationDegrees;
FrameRenderTracker mRenderTracker;
SoftwareRenderer(const SoftwareRenderer &);
diff --git a/services/camera/libcameraservice/common/CameraModule.cpp b/services/camera/libcameraservice/common/CameraModule.cpp
index 1ae01ae..6a4dfe0 100644
--- a/services/camera/libcameraservice/common/CameraModule.cpp
+++ b/services/camera/libcameraservice/common/CameraModule.cpp
@@ -136,9 +136,10 @@
// Always add a default for the pre-correction active array if the vendor chooses to omit this
camera_metadata_entry entry = chars.find(ANDROID_SENSOR_INFO_PRE_CORRECTION_ACTIVE_ARRAY_SIZE);
if (entry.count == 0) {
+ Vector<int32_t> preCorrectionArray;
entry = chars.find(ANDROID_SENSOR_INFO_ACTIVE_ARRAY_SIZE);
- chars.update(ANDROID_SENSOR_INFO_PRE_CORRECTION_ACTIVE_ARRAY_SIZE, entry.data.i32,
- entry.count);
+ preCorrectionArray.appendArray(entry.data.i32, entry.count);
+ chars.update(ANDROID_SENSOR_INFO_PRE_CORRECTION_ACTIVE_ARRAY_SIZE, preCorrectionArray);
}
return;
diff --git a/services/mediaresourcemanager/ResourceManagerService.cpp b/services/mediaresourcemanager/ResourceManagerService.cpp
index 61147ff..e54cc5a 100644
--- a/services/mediaresourcemanager/ResourceManagerService.cpp
+++ b/services/mediaresourcemanager/ResourceManagerService.cpp
@@ -179,23 +179,24 @@
info.resources.appendVector(resources);
}
-void ResourceManagerService::removeResource(int64_t clientId) {
- String8 log = String8::format("removeResource(%lld)", (long long) clientId);
+void ResourceManagerService::removeResource(int pid, int64_t clientId) {
+ String8 log = String8::format(
+ "removeResource(pid %d, clientId %lld)",
+ pid, (long long) clientId);
mServiceLog->add(log);
Mutex::Autolock lock(mLock);
+ ssize_t index = mMap.indexOfKey(pid);
+ if (index < 0) {
+ ALOGV("removeResource: didn't find pid %d for clientId %lld", pid, (long long) clientId);
+ return;
+ }
bool found = false;
- for (size_t i = 0; i < mMap.size(); ++i) {
- ResourceInfos &infos = mMap.editValueAt(i);
- for (size_t j = 0; j < infos.size();) {
- if (infos[j].clientId == clientId) {
- j = infos.removeAt(j);
- found = true;
- } else {
- ++j;
- }
- }
- if (found) {
+ ResourceInfos &infos = mMap.editValueAt(index);
+ for (size_t j = 0; j < infos.size(); ++j) {
+ if (infos[j].clientId == clientId) {
+ j = infos.removeAt(j);
+ found = true;
break;
}
}
diff --git a/services/mediaresourcemanager/ResourceManagerService.h b/services/mediaresourcemanager/ResourceManagerService.h
index ca218fc..4769373 100644
--- a/services/mediaresourcemanager/ResourceManagerService.h
+++ b/services/mediaresourcemanager/ResourceManagerService.h
@@ -63,7 +63,7 @@
const sp<IResourceManagerClient> client,
const Vector<MediaResource> &resources);
- virtual void removeResource(int64_t clientId);
+ virtual void removeResource(int pid, int64_t clientId);
// Tries to reclaim resource from processes with lower priority than the calling process
// according to the requested resources.
diff --git a/services/mediaresourcemanager/test/ResourceManagerService_test.cpp b/services/mediaresourcemanager/test/ResourceManagerService_test.cpp
index 8ae6a55..df49ddc 100644
--- a/services/mediaresourcemanager/test/ResourceManagerService_test.cpp
+++ b/services/mediaresourcemanager/test/ResourceManagerService_test.cpp
@@ -29,6 +29,10 @@
namespace android {
+static int64_t getId(sp<IResourceManagerClient> client) {
+ return (int64_t) client.get();
+}
+
struct TestProcessInfo : public ProcessInfoInterface {
TestProcessInfo() {}
virtual ~TestProcessInfo() {}
@@ -45,12 +49,12 @@
};
struct TestClient : public BnResourceManagerClient {
- TestClient(sp<ResourceManagerService> service)
- : mReclaimed(false), mService(service) {}
+ TestClient(int pid, sp<ResourceManagerService> service)
+ : mReclaimed(false), mPid(pid), mService(service) {}
virtual bool reclaimResource() {
sp<IResourceManagerClient> client(this);
- mService->removeResource((int64_t) client.get());
+ mService->removeResource(mPid, (int64_t) client.get());
mReclaimed = true;
return true;
}
@@ -72,6 +76,7 @@
private:
bool mReclaimed;
+ int mPid;
sp<ResourceManagerService> mService;
DISALLOW_EVIL_CONSTRUCTORS(TestClient);
};
@@ -87,9 +92,9 @@
public:
ResourceManagerServiceTest()
: mService(new ResourceManagerService(new TestProcessInfo)),
- mTestClient1(new TestClient(mService)),
- mTestClient2(new TestClient(mService)),
- mTestClient3(new TestClient(mService)) {
+ mTestClient1(new TestClient(kTestPid1, mService)),
+ mTestClient2(new TestClient(kTestPid2, mService)),
+ mTestClient3(new TestClient(kTestPid2, mService)) {
}
protected:
@@ -144,24 +149,24 @@
// kTestPid1 mTestClient1
Vector<MediaResource> resources1;
resources1.push_back(MediaResource(String8(kResourceSecureCodec), 1));
- mService->addResource(kTestPid1, (int64_t) mTestClient1.get(), mTestClient1, resources1);
+ mService->addResource(kTestPid1, getId(mTestClient1), mTestClient1, resources1);
resources1.push_back(MediaResource(String8(kResourceGraphicMemory), 200));
Vector<MediaResource> resources11;
resources11.push_back(MediaResource(String8(kResourceGraphicMemory), 200));
- mService->addResource(kTestPid1, (int64_t) mTestClient1.get(), mTestClient1, resources11);
+ mService->addResource(kTestPid1, getId(mTestClient1), mTestClient1, resources11);
// kTestPid2 mTestClient2
Vector<MediaResource> resources2;
resources2.push_back(MediaResource(String8(kResourceNonSecureCodec), 1));
resources2.push_back(MediaResource(String8(kResourceGraphicMemory), 300));
- mService->addResource(kTestPid2, (int64_t) mTestClient2.get(), mTestClient2, resources2);
+ mService->addResource(kTestPid2, getId(mTestClient2), mTestClient2, resources2);
// kTestPid2 mTestClient3
Vector<MediaResource> resources3;
- mService->addResource(kTestPid2, (int64_t) mTestClient3.get(), mTestClient3, resources3);
+ mService->addResource(kTestPid2, getId(mTestClient3), mTestClient3, resources3);
resources3.push_back(MediaResource(String8(kResourceSecureCodec), 1));
resources3.push_back(MediaResource(String8(kResourceGraphicMemory), 100));
- mService->addResource(kTestPid2, (int64_t) mTestClient3.get(), mTestClient3, resources3);
+ mService->addResource(kTestPid2, getId(mTestClient3), mTestClient3, resources3);
const PidResourceInfosMap &map = mService->mMap;
EXPECT_EQ(2u, map.size());
@@ -213,7 +218,7 @@
void testRemoveResource() {
addResource();
- mService->removeResource((int64_t) mTestClient2.get());
+ mService->removeResource(kTestPid2, getId(mTestClient2));
const PidResourceInfosMap &map = mService->mMap;
EXPECT_EQ(2u, map.size());
@@ -431,7 +436,7 @@
verifyClients(true /* c1 */, false /* c2 */, false /* c3 */);
// clean up client 3 which still left
- mService->removeResource((int64_t) mTestClient3.get());
+ mService->removeResource(kTestPid2, getId(mTestClient3));
}
}