Merge "DO NOT MERGE: camera2: Disallow connectDevice for all old HALs." into lmp-preview-dev
diff --git a/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.cpp b/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.cpp
index 469c9ca..cfbf282 100644
--- a/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.cpp
+++ b/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.cpp
@@ -37,6 +37,7 @@
: mNotify(notify),
mNativeWindow(nativeWindow),
mBufferGeneration(0),
+ mPaused(true),
mComponentName("decoder") {
// Every decoder has its own looper because MediaCodec operations
// are blocking, but NuPlayer needs asynchronous operations.
@@ -112,6 +113,7 @@
mOutputBuffers.size());
requestCodecNotification();
+ mPaused = false;
}
void NuPlayer::Decoder::requestCodecNotification() {
@@ -352,6 +354,11 @@
sp<AMessage> notify = mNotify->dup();
notify->setInt32("what", kWhatFlushCompleted);
notify->post();
+ mPaused = true;
+}
+
+void NuPlayer::Decoder::onResume() {
+ mPaused = false;
}
void NuPlayer::Decoder::onShutdown() {
@@ -380,6 +387,7 @@
sp<AMessage> notify = mNotify->dup();
notify->setInt32("what", kWhatShutdownCompleted);
notify->post();
+ mPaused = true;
}
void NuPlayer::Decoder::onMessageReceived(const sp<AMessage> &msg) {
@@ -397,7 +405,9 @@
case kWhatCodecNotify:
{
if (!isStaleReply(msg)) {
- while (handleAnInputBuffer()) {
+ if (!mPaused) {
+ while (handleAnInputBuffer()) {
+ }
}
while (handleAnOutputBuffer()) {
@@ -430,6 +440,12 @@
break;
}
+ case kWhatResume:
+ {
+ onResume();
+ break;
+ }
+
case kWhatShutdown:
{
onShutdown();
@@ -447,7 +463,7 @@
}
void NuPlayer::Decoder::signalResume() {
- // nothing to do
+ (new AMessage(kWhatResume, id()))->post();
}
void NuPlayer::Decoder::initiateShutdown() {
diff --git a/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.h b/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.h
index 94243fc..2892584 100644
--- a/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.h
+++ b/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.h
@@ -87,11 +87,13 @@
void onConfigure(const sp<AMessage> &format);
void onFlush();
+ void onResume();
void onInputBufferFilled(const sp<AMessage> &msg);
void onRenderBuffer(const sp<AMessage> &msg);
void onShutdown();
int32_t mBufferGeneration;
+ bool mPaused;
AString mComponentName;
bool supportsSeamlessAudioFormatChange(const sp<AMessage> &targetFormat) const;
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 76546f3..aabe0ec 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -482,11 +482,20 @@
off64_t offset = 0;
status_t err;
while (true) {
+ off64_t orig_offset = offset;
err = parseChunk(&offset, 0);
- if (err == OK) {
- continue;
- }
+ if (offset <= orig_offset) {
+ // only continue parsing if the offset was advanced,
+ // otherwise we might end up in an infinite loop
+ ALOGE("did not advance: 0x%lld->0x%lld", orig_offset, offset);
+ err = ERROR_MALFORMED;
+ break;
+ } else if (err == OK) {
+ continue;
+ } else if (err != UNKNOWN_ERROR) {
+ break;
+ }
uint32_t hdr[2];
if (mDataSource->readAt(offset, hdr, 8) < 8) {
break;
@@ -509,8 +518,6 @@
} else {
mFileMetaData->setCString(kKeyMIMEType, "audio/mp4");
}
-
- mInitCheck = OK;
} else {
mInitCheck = err;
}
@@ -762,8 +769,25 @@
// The smallest valid chunk is 16 bytes long in this case.
return ERROR_MALFORMED;
}
+ } else if (chunk_size == 0) {
+ if (depth == 0) {
+ // atom extends to end of file
+ off64_t sourceSize;
+ if (mDataSource->getSize(&sourceSize) == OK) {
+ chunk_size = (sourceSize - *offset);
+ } else {
+ // XXX could we just pick a "sufficiently large" value here?
+ ALOGE("atom size is 0, and data source has no size");
+ return ERROR_MALFORMED;
+ }
+ } else {
+ // not allowed for non-toplevel atoms, skip it
+ *offset += 4;
+ return OK;
+ }
} else if (chunk_size < 8) {
// The smallest valid chunk is 8 bytes long.
+ ALOGE("invalid chunk size: %d", int(chunk_size));
return ERROR_MALFORMED;
}
diff --git a/services/camera/libcameraservice/api2/CameraDeviceClient.cpp b/services/camera/libcameraservice/api2/CameraDeviceClient.cpp
index 4fce1b3..8154e59 100644
--- a/services/camera/libcameraservice/api2/CameraDeviceClient.cpp
+++ b/services/camera/libcameraservice/api2/CameraDeviceClient.cpp
@@ -310,6 +310,10 @@
Mutex::Autolock icl(mBinderSerializationLock);
+ if (bufferProducer == NULL) {
+ ALOGE("%s: bufferProducer must not be null", __FUNCTION__);
+ return BAD_VALUE;
+ }
if (!mDevice.get()) return DEAD_OBJECT;
// Don't create multiple streams for the same target surface