Merge "NuPlayer2CCDecoder: Add bound check before memcpy" into pi-dev
diff --git a/cmds/screenrecord/screenrecord.cpp b/cmds/screenrecord/screenrecord.cpp
index 4603515..d1859d1 100644
--- a/cmds/screenrecord/screenrecord.cpp
+++ b/cmds/screenrecord/screenrecord.cpp
@@ -140,14 +140,6 @@
}
/*
- * Returns "true" if the device is rotated 90 degrees.
- */
-static bool isDeviceRotated(int orientation) {
- return orientation != DISPLAY_ORIENTATION_0 &&
- orientation != DISPLAY_ORIENTATION_180;
-}
-
-/*
* Configures and starts the MediaCodec encoder. Obtains an input surface
* from the codec.
*/
@@ -242,22 +234,11 @@
const DisplayInfo& mainDpyInfo) {
// Set the region of the layer stack we're interested in, which in our
- // case is "all of it". If the app is rotated (so that the width of the
- // app is based on the height of the display), reverse width/height.
- bool deviceRotated = isDeviceRotated(mainDpyInfo.orientation);
- uint32_t sourceWidth, sourceHeight;
- if (!deviceRotated) {
- sourceWidth = mainDpyInfo.w;
- sourceHeight = mainDpyInfo.h;
- } else {
- ALOGV("using rotated width/height");
- sourceHeight = mainDpyInfo.w;
- sourceWidth = mainDpyInfo.h;
- }
- Rect layerStackRect(sourceWidth, sourceHeight);
+ // case is "all of it".
+ Rect layerStackRect(mainDpyInfo.w, mainDpyInfo.h);
// We need to preserve the aspect ratio of the display.
- float displayAspect = (float) sourceHeight / (float) sourceWidth;
+ float displayAspect = (float) mainDpyInfo.h / (float) mainDpyInfo.w;
// Set the way we map the output onto the display surface (which will
@@ -334,6 +315,22 @@
}
/*
+ * Set the main display width and height to the actual width and height
+ */
+static status_t getActualDisplaySize(const sp<IBinder>& mainDpy, DisplayInfo* mainDpyInfo) {
+ Rect viewport;
+ status_t err = SurfaceComposerClient::getDisplayViewport(mainDpy, &viewport);
+ if (err != NO_ERROR) {
+ fprintf(stderr, "ERROR: unable to get display viewport\n");
+ return err;
+ }
+ mainDpyInfo->w = viewport.width();
+ mainDpyInfo->h = viewport.height();
+
+ return NO_ERROR;
+}
+
+/*
* Runs the MediaCodec encoder, sending the output to the MediaMuxer. The
* input frames are coming from the virtual display as fast as SurfaceFlinger
* wants to send them.
@@ -403,14 +400,22 @@
// useful stuff is hard to get at without a Dalvik VM.
err = SurfaceComposerClient::getDisplayInfo(mainDpy,
&mainDpyInfo);
- if (err != NO_ERROR) {
+ if (err == NO_ERROR) {
+ err = getActualDisplaySize(mainDpy, &mainDpyInfo);
+ if (err != NO_ERROR) {
+ fprintf(stderr, "ERROR: unable to set actual display size\n");
+ return err;
+ }
+
+ if (orientation != mainDpyInfo.orientation) {
+ ALOGD("orientation changed, now %d", mainDpyInfo.orientation);
+ SurfaceComposerClient::Transaction t;
+ setDisplayProjection(t, virtualDpy, mainDpyInfo);
+ t.apply();
+ orientation = mainDpyInfo.orientation;
+ }
+ } else {
ALOGW("getDisplayInfo(main) failed: %d", err);
- } else if (orientation != mainDpyInfo.orientation) {
- ALOGD("orientation changed, now %d", mainDpyInfo.orientation);
- SurfaceComposerClient::Transaction t;
- setDisplayProjection(t, virtualDpy, mainDpyInfo);
- t.apply();
- orientation = mainDpyInfo.orientation;
}
}
@@ -552,6 +557,10 @@
return rawFp;
}
+static inline uint32_t floorToEven(uint32_t num) {
+ return num & ~1;
+}
+
/*
* Main "do work" start point.
*
@@ -579,6 +588,13 @@
fprintf(stderr, "ERROR: unable to get display characteristics\n");
return err;
}
+
+ err = getActualDisplaySize(mainDpy, &mainDpyInfo);
+ if (err != NO_ERROR) {
+ fprintf(stderr, "ERROR: unable to set actual display size\n");
+ return err;
+ }
+
if (gVerbose) {
printf("Main display is %dx%d @%.2ffps (orientation=%u)\n",
mainDpyInfo.w, mainDpyInfo.h, mainDpyInfo.fps,
@@ -586,12 +602,12 @@
fflush(stdout);
}
- bool rotated = isDeviceRotated(mainDpyInfo.orientation);
+ // Encoder can't take odd number as config
if (gVideoWidth == 0) {
- gVideoWidth = rotated ? mainDpyInfo.h : mainDpyInfo.w;
+ gVideoWidth = floorToEven(mainDpyInfo.w);
}
if (gVideoHeight == 0) {
- gVideoHeight = rotated ? mainDpyInfo.w : mainDpyInfo.h;
+ gVideoHeight = floorToEven(mainDpyInfo.h);
}
// Configure and start the encoder.
diff --git a/drm/mediacas/plugins/clearkey/ClearKeyCasPlugin.cpp b/drm/mediacas/plugins/clearkey/ClearKeyCasPlugin.cpp
index 73ed8c3..1558e8b 100644
--- a/drm/mediacas/plugins/clearkey/ClearKeyCasPlugin.cpp
+++ b/drm/mediacas/plugins/clearkey/ClearKeyCasPlugin.cpp
@@ -118,9 +118,9 @@
status_t ClearKeyCasPlugin::closeSession(const CasSessionId &sessionId) {
ALOGV("closeSession: sessionId=%s", sessionIdToString(sessionId).string());
- sp<ClearKeyCasSession> session =
+ std::shared_ptr<ClearKeyCasSession> session =
ClearKeySessionLibrary::get()->findSession(sessionId);
- if (session == NULL) {
+ if (session.get() == nullptr) {
return ERROR_CAS_SESSION_NOT_OPENED;
}
@@ -132,9 +132,9 @@
const CasSessionId &sessionId, const CasData & /*data*/) {
ALOGV("setSessionPrivateData: sessionId=%s",
sessionIdToString(sessionId).string());
- sp<ClearKeyCasSession> session =
+ std::shared_ptr<ClearKeyCasSession> session =
ClearKeySessionLibrary::get()->findSession(sessionId);
- if (session == NULL) {
+ if (session.get() == nullptr) {
return ERROR_CAS_SESSION_NOT_OPENED;
}
return OK;
@@ -143,9 +143,9 @@
status_t ClearKeyCasPlugin::processEcm(
const CasSessionId &sessionId, const CasEcm& ecm) {
ALOGV("processEcm: sessionId=%s", sessionIdToString(sessionId).string());
- sp<ClearKeyCasSession> session =
+ std::shared_ptr<ClearKeyCasSession> session =
ClearKeySessionLibrary::get()->findSession(sessionId);
- if (session == NULL) {
+ if (session.get() == nullptr) {
return ERROR_CAS_SESSION_NOT_OPENED;
}
@@ -418,15 +418,15 @@
const CasSessionId &sessionId) {
ALOGV("setMediaCasSession: sessionId=%s", sessionIdToString(sessionId).string());
- sp<ClearKeyCasSession> session =
+ std::shared_ptr<ClearKeyCasSession> session =
ClearKeySessionLibrary::get()->findSession(sessionId);
- if (session == NULL) {
+ if (session.get() == nullptr) {
ALOGE("ClearKeyDescramblerPlugin: session not found");
return ERROR_CAS_SESSION_NOT_OPENED;
}
- mCASSession = session;
+ std::atomic_store(&mCASSession, session);
return OK;
}
@@ -447,12 +447,14 @@
subSamplesToString(subSamples, numSubSamples).string(),
srcPtr, dstPtr, srcOffset, dstOffset);
- if (mCASSession == NULL) {
+ std::shared_ptr<ClearKeyCasSession> session = std::atomic_load(&mCASSession);
+
+ if (session.get() == nullptr) {
ALOGE("Uninitialized CAS session!");
return ERROR_CAS_DECRYPT_UNIT_NOT_INITIALIZED;
}
- return mCASSession->decrypt(
+ return session->decrypt(
secure, scramblingControl,
numSubSamples, subSamples,
(uint8_t*)srcPtr + srcOffset,
diff --git a/drm/mediacas/plugins/clearkey/ClearKeyCasPlugin.h b/drm/mediacas/plugins/clearkey/ClearKeyCasPlugin.h
index 42cfb8f..389e172 100644
--- a/drm/mediacas/plugins/clearkey/ClearKeyCasPlugin.h
+++ b/drm/mediacas/plugins/clearkey/ClearKeyCasPlugin.h
@@ -120,7 +120,7 @@
AString *errorDetailMsg) override;
private:
- sp<ClearKeyCasSession> mCASSession;
+ std::shared_ptr<ClearKeyCasSession> mCASSession;
String8 subSamplesToString(
SubSample const *subSamples,
diff --git a/drm/mediacas/plugins/clearkey/ClearKeySessionLibrary.cpp b/drm/mediacas/plugins/clearkey/ClearKeySessionLibrary.cpp
index 4b4051d..3bb1176 100644
--- a/drm/mediacas/plugins/clearkey/ClearKeySessionLibrary.cpp
+++ b/drm/mediacas/plugins/clearkey/ClearKeySessionLibrary.cpp
@@ -56,7 +56,7 @@
Mutex::Autolock lock(mSessionsLock);
- sp<ClearKeyCasSession> session = new ClearKeyCasSession(plugin);
+ std::shared_ptr<ClearKeyCasSession> session(new ClearKeyCasSession(plugin));
uint8_t *byteArray = (uint8_t *) &mNextSessionId;
sessionId->push_back(byteArray[3]);
@@ -69,7 +69,7 @@
return OK;
}
-sp<ClearKeyCasSession> ClearKeySessionLibrary::findSession(
+std::shared_ptr<ClearKeyCasSession> ClearKeySessionLibrary::findSession(
const CasSessionId& sessionId) {
Mutex::Autolock lock(mSessionsLock);
@@ -88,7 +88,7 @@
return;
}
- sp<ClearKeyCasSession> session = mIDToSessionMap.valueAt(index);
+ std::shared_ptr<ClearKeyCasSession> session = mIDToSessionMap.valueAt(index);
mIDToSessionMap.removeItemsAt(index);
}
@@ -96,7 +96,7 @@
Mutex::Autolock lock(mSessionsLock);
for (ssize_t index = (ssize_t)mIDToSessionMap.size() - 1; index >= 0; index--) {
- sp<ClearKeyCasSession> session = mIDToSessionMap.valueAt(index);
+ std::shared_ptr<ClearKeyCasSession> session = mIDToSessionMap.valueAt(index);
if (session->getPlugin() == plugin) {
mIDToSessionMap.removeItemsAt(index);
}
diff --git a/drm/mediacas/plugins/clearkey/ClearKeySessionLibrary.h b/drm/mediacas/plugins/clearkey/ClearKeySessionLibrary.h
index 01f5f47..a537e63 100644
--- a/drm/mediacas/plugins/clearkey/ClearKeySessionLibrary.h
+++ b/drm/mediacas/plugins/clearkey/ClearKeySessionLibrary.h
@@ -32,6 +32,10 @@
class ClearKeyCasSession : public RefBase {
public:
+ explicit ClearKeyCasSession(CasPlugin *plugin);
+
+ virtual ~ClearKeyCasSession();
+
ssize_t decrypt(
bool secure,
DescramblerPlugin::ScramblingControl scramblingControl,
@@ -58,8 +62,6 @@
friend class ClearKeySessionLibrary;
- explicit ClearKeyCasSession(CasPlugin *plugin);
- virtual ~ClearKeyCasSession();
CasPlugin* getPlugin() const { return mPlugin; }
status_t decryptPayload(
const AES_KEY& key, size_t length, size_t offset, char* buffer) const;
@@ -73,7 +75,7 @@
status_t addSession(CasPlugin *plugin, CasSessionId *sessionId);
- sp<ClearKeyCasSession> findSession(const CasSessionId& sessionId);
+ std::shared_ptr<ClearKeyCasSession> findSession(const CasSessionId& sessionId);
void destroySession(const CasSessionId& sessionId);
@@ -85,7 +87,7 @@
Mutex mSessionsLock;
uint32_t mNextSessionId;
- KeyedVector<CasSessionId, sp<ClearKeyCasSession>> mIDToSessionMap;
+ KeyedVector<CasSessionId, std::shared_ptr<ClearKeyCasSession>> mIDToSessionMap;
ClearKeySessionLibrary();
DISALLOW_EVIL_CONSTRUCTORS(ClearKeySessionLibrary);
diff --git a/media/libstagefright/codecs/mp3dec/src/pvmp3_framedecoder.cpp b/media/libstagefright/codecs/mp3dec/src/pvmp3_framedecoder.cpp
index 26bc25c..df6cd03 100644
--- a/media/libstagefright/codecs/mp3dec/src/pvmp3_framedecoder.cpp
+++ b/media/libstagefright/codecs/mp3dec/src/pvmp3_framedecoder.cpp
@@ -299,7 +299,11 @@
}
- bytes_to_discard = pVars->frame_start - pVars->sideInfo.main_data_begin - main_data_end;
+ // force signed computation; buffer sizes and offsets are all going to be
+ // well within the constraints of 32-bit signed math.
+ bytes_to_discard = pVars->frame_start
+ - ((int32)pVars->sideInfo.main_data_begin)
+ - ((int32)main_data_end);
if (main_data_end > BUFSIZE) /* check overflow on the buffer */
diff --git a/media/libstagefright/codecs/mp3dec/src/pvmp3_get_side_info.cpp b/media/libstagefright/codecs/mp3dec/src/pvmp3_get_side_info.cpp
index 7eaa860..e55c2e7 100644
--- a/media/libstagefright/codecs/mp3dec/src/pvmp3_get_side_info.cpp
+++ b/media/libstagefright/codecs/mp3dec/src/pvmp3_get_side_info.cpp
@@ -154,7 +154,7 @@
tmp = getbits_crc(inputStream, 22, crc, info->error_protection);
si->ch[ch].gran[gr].big_values = (tmp << 10) >> 23; /* 9 */
- si->ch[ch].gran[gr].global_gain = ((tmp << 19) >> 24) - 210; /* 8 */
+ si->ch[ch].gran[gr].global_gain = (int32)((tmp << 19) >> 24) - 210; /* 8 */
si->ch[ch].gran[gr].scalefac_compress = (tmp << 27) >> 28; /* 4 */
si->ch[ch].gran[gr].window_switching_flag = tmp & 1; /* 1 */
diff --git a/media/libstagefright/codecs/mp3dec/src/pvmp3_stereo_proc.cpp b/media/libstagefright/codecs/mp3dec/src/pvmp3_stereo_proc.cpp
index 10edfc3..4338c43 100644
--- a/media/libstagefright/codecs/mp3dec/src/pvmp3_stereo_proc.cpp
+++ b/media/libstagefright/codecs/mp3dec/src/pvmp3_stereo_proc.cpp
@@ -178,6 +178,10 @@
; FUNCTION CODE
----------------------------------------------------------------------------*/
+#if __has_attribute(no_sanitize)
+// deliberately playing near overflow points of int32
+__attribute__((no_sanitize("integer")))
+#endif
void pvmp3_st_mid_side(int32 xr[SUBBANDS_NUMBER*FILTERBANK_BANDS],
int32 xl[SUBBANDS_NUMBER*FILTERBANK_BANDS],
int32 Start,
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index c41de82..2bf42b6 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -2434,7 +2434,8 @@
return isUidActiveLocked(uid, callingPackage);
}
-static const int kPollUidActiveTimeoutMillis = 50;
+static const int64_t kPollUidActiveTimeoutTotalMillis = 300;
+static const int64_t kPollUidActiveTimeoutMillis = 50;
bool CameraService::UidPolicy::isUidActiveLocked(uid_t uid, String16 callingPackage) {
// Non-app UIDs are considered always active
@@ -2462,7 +2463,8 @@
// activity being resumed. The proper fix is very risky, so we temporary add
// some polling which should happen pretty rarely anyway as the race is hard
// to hit.
- active = am.isUidActive(uid, callingPackage);
+ active = mActiveUids.find(uid) != mActiveUids.end();
+ if (!active) active = am.isUidActive(uid, callingPackage);
if (active) {
break;
}
@@ -2470,11 +2472,15 @@
startTimeMillis = uptimeMillis();
}
int64_t ellapsedTimeMillis = uptimeMillis() - startTimeMillis;
- int64_t remainingTimeMillis = kPollUidActiveTimeoutMillis - ellapsedTimeMillis;
+ int64_t remainingTimeMillis = kPollUidActiveTimeoutTotalMillis - ellapsedTimeMillis;
if (remainingTimeMillis <= 0) {
break;
}
+ remainingTimeMillis = std::min(kPollUidActiveTimeoutMillis, remainingTimeMillis);
+
+ mUidLock.unlock();
usleep(remainingTimeMillis * 1000);
+ mUidLock.lock();
} while (true);
if (active) {