aaudio: protect against null client AAudioService would fail if a null client was passed. Two null checks were added. One where we know the null client first appears. And one where the client is first used in case other calls are passing null. Bug: 116230453 Test: Bug has a POC apk that triggers the bug. Test: Look for messages like: Test: AAudio : BnAAudioService::onTransact() client is NULL! Change-Id: Id9c4fc154226ab40df97335da8bc9361cfc99a73

commit: ef7eaaf8d873e9d832673fd0a8e07371fa47a0a0 [log] [tgz]
author: Phil Burk <philburk@google.com> Wed May 01 11:26:35 2019 -0700
committer: Phil Burk <philburk@google.com> Thu May 02 12:51:47 2019 -0700
tree: 16af72980d4c2e09fb45be30e44a52eb4575236a
parent: 2ddd17ca5c49fe02c459b7026d4c271bf76c4e3c [diff] [blame]
diff --git a/services/oboeservice/AAudioClientTracker.cpp b/services/oboeservice/AAudioClientTracker.cpp
index 83704ba..8572561 100644
--- a/services/oboeservice/AAudioClientTracker.cpp
+++ b/services/oboeservice/AAudioClientTracker.cpp

@@ -67,6 +67,12 @@
                                          const sp<IAAudioClient>& client) {
     ALOGV("registerClient(), calling pid = %d, getpid() = %d\n", pid, getpid());
 
+    if (client.get() == nullptr) {
+        ALOGE("AAudioClientTracker::%s() client is NULL!", __func__);
+        android_errorWriteLog(0x534e4554, "116230453");
+        return AAUDIO_ERROR_NULL;
+    }
+
     std::lock_guard<std::mutex> lock(mLock);
     if (mNotificationClients.count(pid) == 0) {
         sp<NotificationClient> notificationClient = new NotificationClient(pid);
commit	ef7eaaf8d873e9d832673fd0a8e07371fa47a0a0	[log] [tgz]
author	Phil Burk <philburk@google.com>	Wed May 01 11:26:35 2019 -0700
committer	Phil Burk <philburk@google.com>	Thu May 02 12:51:47 2019 -0700
tree	16af72980d4c2e09fb45be30e44a52eb4575236a
parent	2ddd17ca5c49fe02c459b7026d4c271bf76c4e3c [diff] [blame]