Merge "CameraService: Fix cameraId type of onDeviceStatusChanged"
am: 2dab1fe48b

* commit '2dab1fe48bdf75e1e510ea12e7b5a55ed2692d3f':
  CameraService: Fix cameraId type of onDeviceStatusChanged
diff --git a/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp b/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp
index af904a6..14a1a74 100644
--- a/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp
+++ b/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp
@@ -3091,7 +3091,10 @@
             //ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_GET_PARAM start");
 
             effect_param_t *p = (effect_param_t *)pCmdData;
-
+            if (SIZE_MAX - sizeof(effect_param_t) < (size_t)p->psize) {
+                android_errorWriteLog(0x534e4554, "26347509");
+                return -EINVAL;
+            }
             if (pCmdData == NULL || cmdSize < sizeof(effect_param_t) ||
                     cmdSize < (sizeof(effect_param_t) + p->psize) ||
                     pReplyData == NULL || replySize == NULL ||
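Review bot: The added overflow guard reads `p->psize` before the existing `pCmdData == NULL` and `cmdSize < sizeof(effect_param_t)` tests that follow it, so a null or undersized command buffer is dereferenced before it has been validated. Gating the guard on those two conditions keeps the validation order intact: `if (pCmdData != NULL && cmdSize >= sizeof(effect_param_t) && SIZE_MAX - sizeof(effect_param_t) < (size_t)p->psize) {`. The EFFECT_CMD_GET_PARAM hunk in EffectReverb.cpp has the same ordering. The `if` condition that performs the remaining checks continues past the end of this hunk.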
diff --git a/media/libeffects/lvm/wrapper/Reverb/EffectReverb.cpp b/media/libeffects/lvm/wrapper/Reverb/EffectReverb.cpp
index a48a4e3..4dc8b45 100644
--- a/media/libeffects/lvm/wrapper/Reverb/EffectReverb.cpp
+++ b/media/libeffects/lvm/wrapper/Reverb/EffectReverb.cpp
@@ -1956,7 +1956,10 @@
             //ALOGV("\tReverb_command cmdCode Case: "
             //        "EFFECT_CMD_GET_PARAM start");
             effect_param_t *p = (effect_param_t *)pCmdData;
-
+            if (SIZE_MAX - sizeof(effect_param_t) < (size_t)p->psize) {
+                android_errorWriteLog(0x534e4554, "26347509");
+                return -EINVAL;
+            }
             if (pCmdData == NULL || cmdSize < sizeof(effect_param_t) ||
                     cmdSize < (sizeof(effect_param_t) + p->psize) ||
                     pReplyData == NULL || replySize == NULL ||
diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp
index a398ff7..22f8af7 100644
--- a/media/libmedia/ICrypto.cpp
+++ b/media/libmedia/ICrypto.cpp
@@ -321,7 +321,9 @@
 
             if (overflow || sumSubsampleSizes != totalSize) {
                 result = -EINVAL;
-            } else if (offset + totalSize > sharedBuffer->size()) {
+            } else if (totalSize > sharedBuffer->size()) {
+                result = -EINVAL;
+            } else if ((size_t)offset > sharedBuffer->size() - totalSize) {
                 result = -EINVAL;
             } else {
                 result = decrypt(
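Review bot: The `(size_t)offset` cast in the new bounds test is what rejects a negative offset, and nothing on the line says so. If `offset` is a signed type (its declaration is outside this hunk), a negative value wraps to a very large `size_t` and fails the comparison, which is the desired outcome but easy to lose in a later edit. A comment such as `// a negative offset wraps to a huge size_t and is rejected here`, or an explicit `offset < 0 ||` term, would make the intent visible.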
diff --git a/media/libmediaplayerservice/MediaPlayerService.cpp b/media/libmediaplayerservice/MediaPlayerService.cpp
index 7dd8c78..4ec2ac4 100644
--- a/media/libmediaplayerservice/MediaPlayerService.cpp
+++ b/media/libmediaplayerservice/MediaPlayerService.cpp
@@ -1889,8 +1889,13 @@
 void MediaPlayerService::AudioOutput::close()
 {
     ALOGV("close");
-    Mutex::Autolock lock(mLock);
-    close_l();
+    sp<AudioTrack> track;
+    {
+        Mutex::Autolock lock(mLock);
+        track = mTrack;
+        close_l(); // clears mTrack
+    }
+    // destruction of the track occurs outside of mutex.
 }
 
 void MediaPlayerService::AudioOutput::setVolume(float left, float right)
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 13b6fce..370e53e 100755
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -4545,7 +4545,15 @@
                     continue;
                 }
 
-                CHECK(dstOffset + 4 <= mBuffer->size());
+                if (dstOffset > SIZE_MAX - 4 ||
+                        dstOffset + 4 > SIZE_MAX - nalLength ||
+                        dstOffset + 4 + nalLength > mBuffer->size()) {
+                    ALOGE("b/26365349 : %zu %zu", dstOffset, mBuffer->size());
+                    android_errorWriteLog(0x534e4554, "26365349");
+                    mBuffer->release();
+                    mBuffer = NULL;
+                    return ERROR_MALFORMED;
+                }
 
                 dstData[dstOffset++] = 0;
                 dstData[dstOffset++] = 0;
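Review bot: The ALOGE in the new bounds check prints `dstOffset` and `mBuffer->size()` but not `nalLength`, which is an operand in two of the three rejecting conditions. Logging it as well, `ALOGE("b/26365349 : %zu %zu %zu", dstOffset, nalLength, mBuffer->size());`, would show which term was out of range; this assumes `nalLength` is a `size_t`, since its declaration is outside the hunk. The enclosing loop starts and ends outside this hunk.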
diff --git a/media/libstagefright/codecs/m4v_h263/enc/SoftMPEG4Encoder.cpp b/media/libstagefright/codecs/m4v_h263/enc/SoftMPEG4Encoder.cpp
index 8240f83..f2a4e65 100644
--- a/media/libstagefright/codecs/m4v_h263/enc/SoftMPEG4Encoder.cpp
+++ b/media/libstagefright/codecs/m4v_h263/enc/SoftMPEG4Encoder.cpp
@@ -37,6 +37,10 @@
 
 #include <inttypes.h>
 
+#ifndef INT32_MAX
+#define INT32_MAX   2147483647
+#endif
+
 namespace android {
 
 template<class T>
@@ -137,6 +141,11 @@
     if (mColorFormat != OMX_COLOR_FormatYUV420Planar || mInputDataIsMeta) {
         // Color conversion is needed.
         free(mInputFrameData);
+        mInputFrameData = NULL;
+        if (((uint64_t)mWidth * mHeight) > ((uint64_t)INT32_MAX / 3)) {
+            ALOGE("b/25812794, Buffer size is too big.");
+            return OMX_ErrorBadParameter;
+        }
         mInputFrameData =
             (uint8_t *) malloc((mWidth * mHeight * 3 ) >> 1);
         CHECK(mInputFrameData != NULL);
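Review bot: The size guard and the `malloc` argument compute the buffer size in two separate expressions, the guard in 64-bit arithmetic and the allocation in whatever type `mWidth * mHeight * 3` has, so the two can drift apart if either is edited later. Computing the size once after the guard, for example `const size_t frameSize = ((size_t)mWidth * mHeight * 3) >> 1;`, and passing `frameSize` to `malloc` ties the check to the allocation it protects. The conversion-buffer hunk in SoftVPXEncoder.cpp has the same shape. The enclosing function begins and ends outside the hunk.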
diff --git a/media/libstagefright/codecs/on2/enc/SoftVPXEncoder.cpp b/media/libstagefright/codecs/on2/enc/SoftVPXEncoder.cpp
index e654843..410f9d0 100644
--- a/media/libstagefright/codecs/on2/enc/SoftVPXEncoder.cpp
+++ b/media/libstagefright/codecs/on2/enc/SoftVPXEncoder.cpp
@@ -26,6 +26,10 @@
 #include <media/stagefright/foundation/ADebug.h>
 #include <media/stagefright/MediaDefs.h>
 
+#ifndef INT32_MAX
+#define INT32_MAX   2147483647
+#endif
+
 namespace android {
 
 template<class T>
@@ -315,6 +319,11 @@
 
     if (mColorFormat != OMX_COLOR_FormatYUV420Planar || mInputDataIsMeta) {
         free(mConversionBuffer);
+        mConversionBuffer = NULL;
+        if (((uint64_t)mWidth * mHeight) > ((uint64_t)INT32_MAX / 3)) {
+            ALOGE("b/25812794, Buffer size is too big.");
+            return UNKNOWN_ERROR;
+        }
         mConversionBuffer = (uint8_t *)malloc(mWidth * mHeight * 3 / 2);
         if (mConversionBuffer == NULL) {
             ALOGE("Allocating conversion buffer failed.");
diff --git a/media/libstagefright/foundation/ALooper.cpp b/media/libstagefright/foundation/ALooper.cpp
index 5c2e9f9..9921636 100644
--- a/media/libstagefright/foundation/ALooper.cpp
+++ b/media/libstagefright/foundation/ALooper.cpp
@@ -234,31 +234,19 @@
 
 // to be called by AMessage::postAndAwaitResponse only
 status_t ALooper::awaitResponse(const sp<AReplyToken> &replyToken, sp<AMessage> *response) {
-    {
-        Mutex::Autolock autoLock(mLock);
-        if (mThread == NULL) {
-            return -ENOENT;
-        }
-    }
-
     // return status in case we want to handle an interrupted wait
     Mutex::Autolock autoLock(mRepliesLock);
     CHECK(replyToken != NULL);
-    bool gotReply;
-    bool shouldContinue = true;
-    while (!(gotReply = replyToken->retrieveReply(response)) && shouldContinue) {
-        mRepliesCondition.wait(mRepliesLock);
-
+    while (!replyToken->retrieveReply(response)) {
         {
             Mutex::Autolock autoLock(mLock);
             if (mThread == NULL) {
-                shouldContinue = false;
-                // continue and try to get potential reply one more time before break the loop
+                return -ENOENT;
             }
         }
+        mRepliesCondition.wait(mRepliesLock);
     }
-
-    return gotReply ? OK : -ENOENT;
+    return OK;
 }
 
 status_t ALooper::postReply(const sp<AReplyToken> &replyToken, const sp<AMessage> &reply) {
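Review bot: The rewritten loop in `awaitResponse` takes `mLock` while `mRepliesLock` is already held, and the inner guard reuses the name `autoLock`, shadowing the outer one. The nesting fixes a lock order (mRepliesLock, then mLock) that every other path touching both mutexes has to respect. The wait can also only notice a stopped looper if the code that clears `mThread` broadcasts `mRepliesCondition` afterwards. Neither is visible in this hunk, so both are worth confirming. A comment above the loop such as `// lock order: mRepliesLock -> mLock; the stop path must broadcast mRepliesCondition after clearing mThread`, together with renaming the inner guard to `threadLock`, would record the assumption.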
diff --git a/services/audioflinger/Threads.cpp b/services/audioflinger/Threads.cpp
index 71fc498..7d2d550 100644
--- a/services/audioflinger/Threads.cpp
+++ b/services/audioflinger/Threads.cpp
@@ -1589,6 +1589,7 @@
     dprintf(fd, "  Mixer buffer: %p\n", mMixerBuffer);
     dprintf(fd, "  Effect buffer: %p\n", mEffectBuffer);
     dprintf(fd, "  Fast track availMask=%#x\n", mFastTrackAvailMask);
+    dprintf(fd, "  Standby delay ns=%lld\n", (long long)mStandbyDelayNs);
     AudioStreamOut *output = mOutput;
     audio_output_flags_t flags = output != NULL ? output->flags : AUDIO_OUTPUT_FLAG_NONE;
     String8 flagsAsString = outputFlagsToString(flags);
@@ -2513,7 +2514,8 @@
  - mSinkBufferSize from frame count * frame size
  - mActiveSleepTimeUs from activeSleepTimeUs()
  - mIdleSleepTimeUs from idleSleepTimeUs()
- - mStandbyDelayNs from mActiveSleepTimeUs (DIRECT only)
+ - mStandbyDelayNs from mActiveSleepTimeUs (DIRECT only) or forced to at least
+   kDefaultStandbyTimeInNsecs when connected to an A2DP device.
  - maxPeriod from frame count and sample rate (MIXER only)
 
 The parameters that affect these derived values are:
@@ -2532,6 +2534,15 @@
     mSinkBufferSize = mNormalFrameCount * mFrameSize;
     mActiveSleepTimeUs = activeSleepTimeUs();
     mIdleSleepTimeUs = idleSleepTimeUs();
+
+    // make sure standby delay is not too short when connected to an A2DP sink to avoid
+    // truncating audio when going to standby.
+    mStandbyDelayNs = AudioFlinger::mStandbyTimeInNsecs;
+    if ((mOutDevice & AUDIO_DEVICE_OUT_ALL_A2DP) != 0) {
+        if (mStandbyDelayNs < kDefaultStandbyTimeInNsecs) {
+            mStandbyDelayNs = kDefaultStandbyTimeInNsecs;
+        }
+    }
 }
 
 void AudioFlinger::PlaybackThread::invalidateTracks(audio_stream_type_t streamType)
@@ -4248,6 +4259,7 @@
                                                        status_t& status)
 {
     bool reconfig = false;
+    bool a2dpDeviceChanged = false;
 
     status = NO_ERROR;
 
@@ -4324,6 +4336,8 @@
         // forward device change to effects that have requested to be
         // aware of attached audio device.
         if (value != AUDIO_DEVICE_NONE) {
+            a2dpDeviceChanged =
+                    (mOutDevice & AUDIO_DEVICE_OUT_ALL_A2DP) != (value & AUDIO_DEVICE_OUT_ALL_A2DP);
             mOutDevice = value;
             for (size_t i = 0; i < mEffectChains.size(); i++) {
                 mEffectChains[i]->setDevice_l(mOutDevice);
@@ -4367,7 +4381,7 @@
         sq->push(FastMixerStateQueue::BLOCK_UNTIL_PUSHED);
     }
 
-    return reconfig;
+    return reconfig || a2dpDeviceChanged;
 }
 
 
@@ -4803,6 +4817,7 @@
                                                               status_t& status)
 {
     bool reconfig = false;
+    bool a2dpDeviceChanged = false;
 
     status = NO_ERROR;
 
@@ -4812,6 +4827,8 @@
         // forward device change to effects that have requested to be
         // aware of attached audio device.
         if (value != AUDIO_DEVICE_NONE) {
+            a2dpDeviceChanged =
+                    (mOutDevice & AUDIO_DEVICE_OUT_ALL_A2DP) != (value & AUDIO_DEVICE_OUT_ALL_A2DP);
             mOutDevice = value;
             for (size_t i = 0; i < mEffectChains.size(); i++) {
                 mEffectChains[i]->setDevice_l(mOutDevice);
@@ -4844,7 +4861,7 @@
         }
     }
 
-    return reconfig;
+    return reconfig || a2dpDeviceChanged;
 }
 
 uint32_t AudioFlinger::DirectOutputThread::activeSleepTimeUs() const
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index 6cade57..45ef1f8 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -153,6 +153,7 @@
         ALOGE("Could not load camera HAL module: %d (%s)", err, strerror(-err));
         logServiceError("Could not load camera HAL module", err);
         mNumberOfCameras = 0;
+        mNumberOfNormalCameras = 0;
         return;
     }
 
@@ -1960,6 +1961,14 @@
     mClientPid = 0;
 }
 
+status_t CameraService::BasicClient::dump(int, const Vector<String16>&) {
+    // No dumping of clients directly over Binder,
+    // must go through CameraService::dump
+    android_errorWriteWithInfoLog(SN_EVENT_LOG_ID, "26265403",
+            IPCThreadState::self()->getCallingUid(), NULL, 0);
+    return OK;
+}
+
 String16 CameraService::BasicClient::getPackageName() const {
     return mClientPackageName;
 }
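Review bot: `BasicClient::dump` returns `OK` after refusing to dump, so a caller that reaches it over Binder cannot tell a refused request from a successful dump that produced no output. Returning an error such as `PERMISSION_DENIED` would make the refusal explicit to the caller, while the event-log entry still records the calling UID. If `OK` is intentional, a one-line comment next to `return OK;` stating the reason would keep a later reader from changing it.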
@@ -2412,7 +2421,7 @@
                     String8(client->getPackageName()).string());
             write(fd, result.string(), result.size());
 
-            client->dump(fd, args);
+            client->dumpClient(fd, args);
         }
 
         if (stateLocked) mCameraStatesLock.unlock();
diff --git a/services/camera/libcameraservice/CameraService.h b/services/camera/libcameraservice/CameraService.h
index 42c02ca..ec8c5e9 100644
--- a/services/camera/libcameraservice/CameraService.h
+++ b/services/camera/libcameraservice/CameraService.h
@@ -87,6 +87,9 @@
     // Default number of messages to store in eviction log
     static const size_t DEFAULT_EVENT_LOG_LENGTH = 100;
 
+    // Event log ID
+    static const int SN_EVENT_LOG_ID = 0x534e4554;
+
     // Implementation of BinderService<T>
     static char const* getServiceName() { return "media.camera"; }
 
@@ -201,7 +204,10 @@
             return mRemoteBinder;
         }
 
-        virtual status_t    dump(int fd, const Vector<String16>& args) = 0;
+        // Disallows dumping over binder interface
+        virtual status_t      dump(int fd, const Vector<String16>& args);
+        // Internal dump method to be called by CameraService
+        virtual status_t      dumpClient(int fd, const Vector<String16>& args) = 0;
 
         // Return the package name for this client
         virtual String16 getPackageName() const;
diff --git a/services/camera/libcameraservice/api1/Camera2Client.cpp b/services/camera/libcameraservice/api1/Camera2Client.cpp
index 4338d64..fbd4034 100644
--- a/services/camera/libcameraservice/api1/Camera2Client.cpp
+++ b/services/camera/libcameraservice/api1/Camera2Client.cpp
@@ -163,6 +163,10 @@
 }
 
 status_t Camera2Client::dump(int fd, const Vector<String16>& args) {
+    return BasicClient::dump(fd, args);
+}
+
+status_t Camera2Client::dumpClient(int fd, const Vector<String16>& args) {
     String8 result;
     result.appendFormat("Client2[%d] (%p) PID: %d, dump:\n", mCameraId,
             (getRemoteCallback() != NULL ?
diff --git a/services/camera/libcameraservice/api1/Camera2Client.h b/services/camera/libcameraservice/api1/Camera2Client.h
index d50bf63..7e7a284 100644
--- a/services/camera/libcameraservice/api1/Camera2Client.h
+++ b/services/camera/libcameraservice/api1/Camera2Client.h
@@ -100,6 +100,8 @@
 
     virtual status_t dump(int fd, const Vector<String16>& args);
 
+    virtual status_t dumpClient(int fd, const Vector<String16>& args);
+
     /**
      * Interface used by CameraDeviceBase
      */
diff --git a/services/camera/libcameraservice/api1/CameraClient.cpp b/services/camera/libcameraservice/api1/CameraClient.cpp
index 4153658..b942813 100644
--- a/services/camera/libcameraservice/api1/CameraClient.cpp
+++ b/services/camera/libcameraservice/api1/CameraClient.cpp
@@ -108,6 +108,10 @@
 }
 
 status_t CameraClient::dump(int fd, const Vector<String16>& args) {
+    return BasicClient::dump(fd, args);
+}
+
+status_t CameraClient::dumpClient(int fd, const Vector<String16>& args) {
     const size_t SIZE = 256;
     char buffer[SIZE];
 
diff --git a/services/camera/libcameraservice/api1/CameraClient.h b/services/camera/libcameraservice/api1/CameraClient.h
index 95616b2..17999a5 100644
--- a/services/camera/libcameraservice/api1/CameraClient.h
+++ b/services/camera/libcameraservice/api1/CameraClient.h
@@ -70,7 +70,9 @@
 
     status_t initialize(CameraModule *module);
 
-    status_t dump(int fd, const Vector<String16>& args);
+    virtual status_t dump(int fd, const Vector<String16>& args);
+
+    virtual status_t dumpClient(int fd, const Vector<String16>& args);
 
 private:
 
diff --git a/services/camera/libcameraservice/api2/CameraDeviceClient.cpp b/services/camera/libcameraservice/api2/CameraDeviceClient.cpp
index 0c531c3..bd9fea3 100644
--- a/services/camera/libcameraservice/api2/CameraDeviceClient.cpp
+++ b/services/camera/libcameraservice/api2/CameraDeviceClient.cpp
@@ -787,8 +787,11 @@
     return res;
 }
 
-
 status_t CameraDeviceClient::dump(int fd, const Vector<String16>& args) {
+    return BasicClient::dump(fd, args);
+}
+
+status_t CameraDeviceClient::dumpClient(int fd, const Vector<String16>& args) {
     String8 result;
     result.appendFormat("CameraDeviceClient[%d] (%p) dump:\n",
             mCameraId,
diff --git a/services/camera/libcameraservice/api2/CameraDeviceClient.h b/services/camera/libcameraservice/api2/CameraDeviceClient.h
index d1e692c..b1d1762 100644
--- a/services/camera/libcameraservice/api2/CameraDeviceClient.h
+++ b/services/camera/libcameraservice/api2/CameraDeviceClient.h
@@ -135,6 +135,8 @@
 
     virtual status_t      dump(int fd, const Vector<String16>& args);
 
+    virtual status_t      dumpClient(int fd, const Vector<String16>& args);
+
     /**
      * Device listener interface
      */
diff --git a/services/camera/libcameraservice/common/Camera2ClientBase.cpp b/services/camera/libcameraservice/common/Camera2ClientBase.cpp
index 5732f80..c7de56a 100644
--- a/services/camera/libcameraservice/common/Camera2ClientBase.cpp
+++ b/services/camera/libcameraservice/common/Camera2ClientBase.cpp
@@ -124,7 +124,7 @@
 }
 
 template <typename TClientBase>
-status_t Camera2ClientBase<TClientBase>::dump(int fd,
+status_t Camera2ClientBase<TClientBase>::dumpClient(int fd,
                                               const Vector<String16>& args) {
     String8 result;
     result.appendFormat("Camera2ClientBase[%d] (%p) PID: %d, dump:\n",
diff --git a/services/camera/libcameraservice/common/Camera2ClientBase.h b/services/camera/libcameraservice/common/Camera2ClientBase.h
index 220c5ad..4568af0 100644
--- a/services/camera/libcameraservice/common/Camera2ClientBase.h
+++ b/services/camera/libcameraservice/common/Camera2ClientBase.h
@@ -57,7 +57,7 @@
     virtual ~Camera2ClientBase();
 
     virtual status_t      initialize(CameraModule *module);
-    virtual status_t      dump(int fd, const Vector<String16>& args);
+    virtual status_t      dumpClient(int fd, const Vector<String16>& args);
 
     /**
      * CameraDeviceBase::NotificationListener implementation
diff --git a/services/mediaresourcemanager/ResourceManagerService.cpp b/services/mediaresourcemanager/ResourceManagerService.cpp
index 4790754..6781a36 100644
--- a/services/mediaresourcemanager/ResourceManagerService.cpp
+++ b/services/mediaresourcemanager/ResourceManagerService.cpp
@@ -90,11 +90,7 @@
 }
 
 status_t ResourceManagerService::dump(int fd, const Vector<String16>& /* args */) {
-    Mutex::Autolock lock(mLock);
-
     String8 result;
-    const size_t SIZE = 256;
-    char buffer[SIZE];
 
     if (checkCallingPermission(String16("android.permission.DUMP")) == false) {
         result.format("Permission Denial: "
@@ -105,20 +101,35 @@
         return PERMISSION_DENIED;
     }
 
+    PidResourceInfosMap mapCopy;
+    bool supportsMultipleSecureCodecs;
+    bool supportsSecureWithNonSecureCodec;
+    String8 serviceLog;
+    {
+        Mutex::Autolock lock(mLock);
+        mapCopy = mMap;  // Shadow copy, real copy will happen on write.
+        supportsMultipleSecureCodecs = mSupportsMultipleSecureCodecs;
+        supportsSecureWithNonSecureCodec = mSupportsSecureWithNonSecureCodec;
+        serviceLog = mServiceLog->toString("    " /* linePrefix */);
+    }
+
+    const size_t SIZE = 256;
+    char buffer[SIZE];
     snprintf(buffer, SIZE, "ResourceManagerService: %p\n", this);
     result.append(buffer);
     result.append("  Policies:\n");
-    snprintf(buffer, SIZE, "    SupportsMultipleSecureCodecs: %d\n", mSupportsMultipleSecureCodecs);
+    snprintf(buffer, SIZE, "    SupportsMultipleSecureCodecs: %d\n", supportsMultipleSecureCodecs);
     result.append(buffer);
-    snprintf(buffer, SIZE, "    SupportsSecureWithNonSecureCodec: %d\n", mSupportsSecureWithNonSecureCodec);
+    snprintf(buffer, SIZE, "    SupportsSecureWithNonSecureCodec: %d\n",
+            supportsSecureWithNonSecureCodec);
     result.append(buffer);
 
     result.append("  Processes:\n");
-    for (size_t i = 0; i < mMap.size(); ++i) {
-        snprintf(buffer, SIZE, "    Pid: %d\n", mMap.keyAt(i));
+    for (size_t i = 0; i < mapCopy.size(); ++i) {
+        snprintf(buffer, SIZE, "    Pid: %d\n", mapCopy.keyAt(i));
         result.append(buffer);
 
-        const ResourceInfos &infos = mMap.valueAt(i);
+        const ResourceInfos &infos = mapCopy.valueAt(i);
         for (size_t j = 0; j < infos.size(); ++j) {
             result.append("      Client:\n");
             snprintf(buffer, SIZE, "        Id: %lld\n", (long long)infos[j].clientId);
@@ -136,7 +147,7 @@
         }
     }
     result.append("  Events logs (most recent at top):\n");
-    result.append(mServiceLog->toString("    " /* linePrefix */));
+    result.append(serviceLog);
 
     write(fd, result.string(), result.size());
     return OK;
@@ -307,6 +318,10 @@
         }
     }
 
+    if (failedClient == NULL) {
+        return true;
+    }
+
     {
         Mutex::Autolock lock(mLock);
         bool found = false;
@@ -329,7 +344,7 @@
         }
     }
 
-    return (failedClient == NULL);
+    return false;
 }
 
 bool ResourceManagerService::getAllClients_l(