CameraMetadata: Add sanity check to avoid accidental memory corruption.
Update shouldn't be called with a pointer from the metadata structure
being updated, since it might be resized. The API really needs rework,
but until that happens, detect this condition and error out.
Bug: 22542551
Change-Id: I896c34d8134ac3b101d050fc8aa5d203a08e7267
diff --git a/camera/CameraMetadata.cpp b/camera/CameraMetadata.cpp
index b96a88f..46bcc1d 100644
--- a/camera/CameraMetadata.cpp
+++ b/camera/CameraMetadata.cpp
@@ -289,6 +289,17 @@
ALOGE("%s: Tag %d not found", __FUNCTION__, tag);
return BAD_VALUE;
}
+ // Safety check - ensure that data isn't pointing to this metadata, since
+ // that would get invalidated if a resize is needed
+ size_t bufferSize = get_camera_metadata_size(mBuffer);
+ uintptr_t bufAddr = reinterpret_cast<uintptr_t>(mBuffer);
+ uintptr_t dataAddr = reinterpret_cast<uintptr_t>(data);
+ if (dataAddr > bufAddr && dataAddr < (bufAddr + bufferSize)) {
+ ALOGE("%s: Update attempted with data from the same metadata buffer!",
+ __FUNCTION__);
+ return INVALID_OPERATION;
+ }
+
size_t data_size = calculate_camera_metadata_entry_data_size(type,
data_count);
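Review bot: The overlap test on the added `if` line checks only the first byte of `data` and uses a strict `>`, so a source span that starts at or before `mBuffer` and extends into it passes the guard and can still be invalidated by a resize. Testing the whole span with an inclusive lower bound closes that gap, e.g. `if (dataAddr < bufAddr + bufferSize && dataAddr + srcBytes > bufAddr) {`, where `srcBytes` is a placeholder for the byte length of the caller's data. That length is not computed in the visible lines, and the `data_size` calculated just below may be a storage or aligned size rather than the source length, so confirm before reusing it. I would also extend the comment to state the consequence, `// data would dangle after the buffer is reallocated, so the copy would read freed memory`. The enclosing function begins and ends outside this hunk, so the handling of a null `mBuffer` before this point cannot be judged from here.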