cameraservice: memcpy AIDL header instead of directly writing buffer
camera_jpeg_blob_t and AIDL's CameraBlob might have different sizes and
memory alignment requirement on some systems. Instead of attempting to
modify the buffer through a struct pointer, this CL uses memcpy to
replace the end of the buffer with the content of the AIDL header. This
ensures that reading and writing the header always succeeds regardless
of size and location of the jpeg buffer in memory.
Bug: 233986162
Test: Camera CTS Passes, and verified by partner
Change-Id: Ifcb03c98863108d9b278934b917d2e2c70160c8f
diff --git a/services/camera/libcameraservice/device3/Camera3OutputStream.cpp b/services/camera/libcameraservice/device3/Camera3OutputStream.cpp
index d2167e3..da1cf09 100644
--- a/services/camera/libcameraservice/device3/Camera3OutputStream.cpp
+++ b/services/camera/libcameraservice/device3/Camera3OutputStream.cpp
@@ -375,9 +375,11 @@
}
// Fill in JPEG header
- CameraBlob *aidlBlobHeader = reinterpret_cast<CameraBlob *>(aidlHeaderStart);
- aidlBlobHeader->blobId = blobId;
- aidlBlobHeader->blobSizeBytes = blobSizeBytes;
+ CameraBlob aidlHeader = {
+ .blobId = blobId,
+ .blobSizeBytes = static_cast<int32_t>(blobSizeBytes)
+ };
+ memcpy(aidlHeaderStart, &aidlHeader, sizeof(CameraBlob));
graphicBuffer->unlock();
return OK;
}