Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_av / 663c2247b71086e30bfd3192979d1dd7f15c539e^! / . / services / audioflinger / Tracks.cpp
commit663c2247b71086e30bfd3192979d1dd7f15c539e[log] [tgz]
authorGlenn Kasten <gkasten@google.com>Tue Sep 24 11:52:37 2013 -0700
committerGlenn Kasten <gkasten@google.com>Wed Nov 20 14:17:01 2013 -0800
treecaedda5629d70de2fcab7506a81852e6c62ea473
parent30ff92cba19c5acd747631365db1e1084e45ab34 [diff] [blame]
Consistent error checking for sp<IMemory> and pointer()

There have been concerns that an sp<IMemory> could be non-0, but the
associated pointer() still be NULL.  There are rumors this may happen
when a non-0 sp<IMemory> is passed in by client but the shared memory cannot
be re-mapped into mediaserver.

There's also evidence in the early (2009/03/03) pre-git code of checking
pointer() for NULL, after a local allocate() returned a non-0 sp<IMemory>.
It's not clear if this is "cargo cult" paranoia, or if there was a
genuine reason for the check.

In any case, we now consistently check pointer() for sp<IMemory>
input parameters in createTrack() and queueTimedBuffer().

We also check after successful allocate().  If allocate() returns a
non-0 sp<> but NULL pointer(), then treat it as if the allocate() had
returned 0.

Change-Id: I3013ac5766b493d443ecef71711ec861076a623e

diff --git a/services/audioflinger/Tracks.cpp b/services/audioflinger/Tracks.cpp
index 272175e..53196c8 100644
--- a/services/audioflinger/Tracks.cpp
+++ b/services/audioflinger/Tracks.cpp

@@ -116,12 +116,11 @@
 
     if (client != 0) {
         mCblkMemory = client->heap()->allocate(size);
-        if (mCblkMemory != 0) {
-            mCblk = static_cast<audio_track_cblk_t *>(mCblkMemory->pointer());
-            // can't assume mCblk != NULL
-        } else {
+        if (mCblkMemory == 0 ||
+                (mCblk = static_cast<audio_track_cblk_t *>(mCblkMemory->pointer())) == NULL) {
             ALOGE("not enough memory for AudioTrack size=%u", size);
             client->heap()->dump("AudioTrack");
+            mCblkMemory.clear();
             return;
         }
     } else {
@@ -275,6 +274,11 @@
     if (!mTrack->isTimedTrack())
         return INVALID_OPERATION;
 
+    if (buffer == 0 || buffer->pointer() == NULL) {
+        ALOGE("queueTimedBuffer() buffer is 0 or has NULL pointer()");
+        return BAD_VALUE;
+    }
+
     PlaybackThread::TimedTrack* tt =
             reinterpret_cast<PlaybackThread::TimedTrack*>(mTrack.get());
     return tt->queueTimedBuffer(buffer, pts);
@@ -1060,7 +1064,7 @@
     }
 
     sp<IMemory> newBuffer = mTimedMemoryDealer->allocate(size);
-    if (newBuffer == 0) {
+    if (newBuffer == 0 || newBuffer->pointer() == NULL) {
         return NO_MEMORY;
     }