commit b861016d9c9ba20f3ca7b5b64800e1e254e75c31
author Avichal Rakesh <arakesh@google.com> Wed Nov 08 18:21:10 2023 -0800
committer Avichal Rakesh <arakesh@google.com> Tue Nov 14 20:52:35 2023 +0000
tree bb0f1241f74942722f208d2e9ed163d150517636
parent 6e7e4e4a785d33cfa1a36b44aa245ae1cc797894

cameraservice: handle invalid native_handle from vndk impl

Cameraservice creates a H2BGraphicBufferProducer from a
native_handle_t. However, for native_handles that don't originate
from AImageReader_getWindowNativeHandle, the conversion returns
a nullptr. If this value is not checked, this results in cameraservice
crashing further down the stack.

This CL add a nullptr check and skips adding the IGBP if the
native_handle is malformed or invalid.

Bug: 309752167
Test: Verified by partner
Change-Id: I2e853f55d32f3cfe2fa51781f4eb87ee3de6607a

services/camera/libcameraservice/aidl/AidlUtils.cpp

diff --git a/services/camera/libcameraservice/aidl/AidlUtils.cpp b/services/camera/libcameraservice/aidl/AidlUtils.cpp
index 7291c5f..2225cfe 100644
--- a/services/camera/libcameraservice/aidl/AidlUtils.cpp
+++ b/services/camera/libcameraservice/aidl/AidlUtils.cpp
@@ -78,7 +78,13 @@
 
     for (auto &handle : windowHandles) {
         native_handle_t* nh = makeFromAidl(handle);
-        iGBPs.push_back(new H2BGraphicBufferProducer(AImageReader_getHGBPFromHandle(nh)));
+        auto igbp = AImageReader_getHGBPFromHandle(nh);
+        if (igbp == nullptr) {
+            ALOGE("%s: Could not get HGBP from NativeHandle: %s. Skipping.",
+                    __FUNCTION__, handle.toString().c_str());
+            continue;
+        }
+        iGBPs.push_back(new H2BGraphicBufferProducer(igbp));
         native_handle_delete(nh);
     }
     UOutputConfiguration outputConfiguration(