Merge snapshot variant of donut back into the main tree
diff --git a/cmds/keystore/keymgmt.c b/cmds/keystore/keymgmt.c
index 66edd56..c45b53c 100644
--- a/cmds/keystore/keymgmt.c
+++ b/cmds/keystore/keymgmt.c
@@ -79,14 +79,26 @@
{
int size, fd, ret = -1;
unsigned char enc_blob[MAX_BLOB_LEN];
-
char tmpfile[KEYFILE_LEN];
+
+ if ((keyfile == NULL) || (strlen(keyfile) >= (KEYFILE_LEN - 4))) {
+ LOGE("keyfile name is too long or null");
+ return -1;
+ }
strcpy(tmpfile, keyfile);
strcat(tmpfile, ".tmp");
// prepare the blob
+ if (IV_LEN > USER_KEY_LEN) {
+ LOGE("iv length is too long.");
+ return -1;
+ }
memcpy(blob->iv, iv, IV_LEN);
blob->blob_size = get_blob_size(blob);
+ if (blob->blob_size > MAX_BLOB_LEN) {
+ LOGE("blob data size is too large.");
+ return -1;
+ }
memcpy(enc_blob, blob->blob, blob->blob_size);
AES_cbc_encrypt((unsigned char *)enc_blob, (unsigned char *)blob->blob,
blob->blob_size, enc_key, iv, AES_ENCRYPT);
@@ -133,8 +145,13 @@
DATA_BLOB blob;
// prepare the blob
+ if (strlen(MASTER_KEY_TAG) >= USER_KEY_LEN) return -1;
strlcpy(blob.keyname, MASTER_KEY_TAG, USER_KEY_LEN);
blob.value_size = USER_KEY_LEN;
+ if (USER_KEY_LEN > MAX_KEY_VALUE_LENGTH) {
+ LOGE("master_key length is too long.");
+ return -1;
+ }
memcpy((void*)blob.value, (const void*)master_key, USER_KEY_LEN);
// generate the encryption key
@@ -150,6 +167,10 @@
get_decrypt_key(upasswd, &key);
ret = load_n_decrypt(MASTER_KEY_TAG, MASTER_KEY, &key, &blob);
+ if (blob.value_size > USER_KEY_LEN) {
+ LOGE("the blob's value size is too large");
+ return -1;
+ }
if (!ret) memcpy(master_key, blob.value, blob.value_size);
return ret;
}
@@ -224,8 +245,16 @@
}
sprintf(keyfile, KEYFILE_NAME, namespace, keyname);
// flatten the args
+ if (strlen(keyname) >= MAX_KEY_NAME_LENGTH) {
+ LOGE("keyname is too long.");
+ return -1;
+ }
strcpy(blob.keyname, keyname);
blob.value_size = size;
+ if (size > MAX_KEY_VALUE_LENGTH) {
+ LOGE("the data size is too large.");
+ return -1;
+ }
memcpy(blob.value, data, size);
return encrypt_n_save(&encryptKey, &blob, keyfile);
}
@@ -246,6 +275,7 @@
ret = load_n_decrypt(keyname, keyfile, &decryptKey, &blob);
if (!ret) {
if ((blob.value_size > MAX_KEY_VALUE_LENGTH)) {
+ LOGE("blob value size is too large.");
ret = -1;
} else {
*size = blob.value_size;
diff --git a/libs/surfaceflinger/DisplayHardware/DisplayHardware.cpp b/libs/surfaceflinger/DisplayHardware/DisplayHardware.cpp
index eec645e..ab02fa0 100644
--- a/libs/surfaceflinger/DisplayHardware/DisplayHardware.cpp
+++ b/libs/surfaceflinger/DisplayHardware/DisplayHardware.cpp
@@ -197,6 +197,9 @@
LOGW("ro.sf.lcd_density not defined, using 160 dpi by default.");
strcpy(property, "160");
}
+ } else {
+ /* for the emulator case, reset the dpi values too */
+ mDpiX = mDpiY = atoi(property);
}
mDensity = atoi(property) * (1.0f/160.0f);
diff --git a/libs/surfaceflinger/SurfaceFlinger.cpp b/libs/surfaceflinger/SurfaceFlinger.cpp
index fb25663..97dfecc 100644
--- a/libs/surfaceflinger/SurfaceFlinger.cpp
+++ b/libs/surfaceflinger/SurfaceFlinger.cpp
@@ -691,9 +691,14 @@
// some layers might have been removed, so
// we need to update the regions they're exposing.
- size_t c = mRemovedLayers.size();
+ const SortedVector<LayerBase*>& removedLayers(mRemovedLayers);
+ size_t c = removedLayers.size();
if (c) {
mVisibleRegionsDirty = true;
+ while (c--) {
+ mDirtyRegionRemovedLayer.orSelf(
+ removedLayers[c]->visibleRegionScreen);
+ }
}
const LayerVector& currentLayers = mCurrentState.layersSortedByZ;
@@ -733,17 +738,15 @@
layer->validateVisibility(planeTransform);
// start with the whole surface at its current location
- const Layer::State& s = layer->drawingState();
- const Rect bounds(layer->visibleBounds());
+ const Layer::State& s(layer->drawingState());
// handle hidden surfaces by setting the visible region to empty
Region opaqueRegion;
Region visibleRegion;
Region coveredRegion;
- if (UNLIKELY((s.flags & ISurfaceComposer::eLayerHidden) || !s.alpha)) {
- visibleRegion.clear();
- } else {
+ if (LIKELY(!(s.flags & ISurfaceComposer::eLayerHidden) && s.alpha)) {
const bool translucent = layer->needsBlending();
+ const Rect bounds(layer->visibleBounds());
visibleRegion.set(bounds);
coveredRegion = visibleRegion;
@@ -790,12 +793,16 @@
layer->setVisibleRegion(visibleRegion);
layer->setCoveredRegion(coveredRegion);
- // If a secure layer is partially visible, lockdown the screen!
+ // If a secure layer is partially visible, lock-down the screen!
if (layer->isSecure() && !visibleRegion.isEmpty()) {
secureFrameBuffer = true;
}
}
+ // invalidate the areas where a layer was removed
+ dirtyRegion.orSelf(mDirtyRegionRemovedLayer);
+ mDirtyRegionRemovedLayer.clear();
+
mSecureFrameBuffer = secureFrameBuffer;
opaqueRegion = aboveOpaqueLayers;
}
diff --git a/libs/surfaceflinger/SurfaceFlinger.h b/libs/surfaceflinger/SurfaceFlinger.h
index 15913f2..0d63e1d 100644
--- a/libs/surfaceflinger/SurfaceFlinger.h
+++ b/libs/surfaceflinger/SurfaceFlinger.h
@@ -351,6 +351,7 @@
// Can only accessed from the main thread, these members
// don't need synchronization
Region mDirtyRegion;
+ Region mDirtyRegionRemovedLayer;
Region mInvalidRegion;
Region mWormholeRegion;
Client* mLastScheduledBroadcast;