Remove integer sanitization from ringbuffer pointer arithmetic
The AudioTrackShared ringbuffer uses int32 positions and allows overflow.
This confuses the integer sanitization code and makes it panic.
The simplest solution for now seems to be to remove sanitization
from the methods that touch the ringbuffer pointers.
Bug 27680456
Change-Id: Ie4d7daf0fb1e4e223ee97c412af7b1bd9c6916eb
diff --git a/media/libmedia/AudioTrackShared.cpp b/media/libmedia/AudioTrackShared.cpp
index e5d6fc3..285b3f6 100644
--- a/media/libmedia/AudioTrackShared.cpp
+++ b/media/libmedia/AudioTrackShared.cpp
@@ -106,6 +106,7 @@
return clippedSize;
}
+__attribute__((no_sanitize("integer")))
status_t ClientProxy::obtainBuffer(Buffer* buffer, const struct timespec *requested,
struct timespec *elapsed)
{
@@ -331,6 +332,7 @@
return status;
}
+__attribute__((no_sanitize("integer")))
void ClientProxy::releaseBuffer(Buffer* buffer)
{
LOG_ALWAYS_FATAL_IF(buffer == NULL);
@@ -618,6 +620,7 @@
cblk->mBufferSizeInFrames = frameCount;
}
+__attribute__((no_sanitize("integer")))
status_t ServerProxy::obtainBuffer(Buffer* buffer, bool ackFlush)
{
LOG_ALWAYS_FATAL_IF(buffer == NULL || buffer->mFrameCount == 0);
@@ -727,6 +730,7 @@
return NO_INIT;
}
+__attribute__((no_sanitize("integer")))
void ServerProxy::releaseBuffer(Buffer* buffer)
{
LOG_ALWAYS_FATAL_IF(buffer == NULL);
@@ -779,6 +783,7 @@
// ---------------------------------------------------------------------------
+__attribute__((no_sanitize("integer")))
size_t AudioTrackServerProxy::framesReady()
{
LOG_ALWAYS_FATAL_IF(!mIsOut);