Merge "RELAND CCodec: handle dataspace update from GraphicBufferSource" am: f787fd49ff am: 2fcd4bef11
Original change: https://android-review.googlesource.com/c/platform/frameworks/av/+/1643682
Change-Id: I71e062bbc5daad2f1243b2eb0b28e92c70b05afd
diff --git a/drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp b/drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp
index 1b8b8c1..6ac3510 100644
--- a/drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp
+++ b/drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp
@@ -109,6 +109,7 @@
}
void DrmPlugin::setPlayPolicy() {
+ android::Mutex::Autolock lock(mPlayPolicyLock);
mPlayPolicy.clear();
mPlayPolicy.add(kQueryKeyLicenseType, kStreaming);
mPlayPolicy.add(kQueryKeyPlayAllowed, kTrue);
diff --git a/drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h b/drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h
index 4fa42e5..aa9b59d 100644
--- a/drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h
+++ b/drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h
@@ -262,6 +262,7 @@
void initProperties();
void setPlayPolicy();
+ android::Mutex mPlayPolicyLock;
android::KeyedVector<String8, String8> mPlayPolicy;
android::KeyedVector<String8, String8> mStringProperties;
android::KeyedVector<String8, Vector<uint8_t>> mByteArrayProperties;
diff --git a/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp b/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp
index 1495703..d278633 100644
--- a/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp
+++ b/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp
@@ -119,7 +119,11 @@
return Void();
}
- if (source.offset + offset + source.size > sourceBase->getSize()) {
+ size_t totalSize = 0;
+ if (__builtin_add_overflow(source.offset, offset, &totalSize) ||
+ __builtin_add_overflow(totalSize, source.size, &totalSize) ||
+ totalSize > sourceBase->getSize()) {
+ android_errorWriteLog(0x534e4554, "176496160");
_hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
return Void();
}
diff --git a/drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp b/drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp
index f87f830..a77759e 100644
--- a/drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp
+++ b/drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp
@@ -304,6 +304,7 @@
}
void DrmPlugin::setPlayPolicy() {
+ android::Mutex::Autolock lock(mPlayPolicyLock);
mPlayPolicy.clear();
KeyValue policy;
diff --git a/drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h b/drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h
index 3de7589..076beb8 100644
--- a/drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h
+++ b/drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h
@@ -406,6 +406,7 @@
int64_t mCloseSessionOkCount;
int64_t mCloseSessionNotOpenedCount;
uint32_t mNextSecureStopId;
+ android::Mutex mPlayPolicyLock;
// set by property to mock error scenarios
Status_V1_2 mMockError;
diff --git a/media/codec2/sfplugin/InputSurfaceWrapper.h b/media/codec2/sfplugin/InputSurfaceWrapper.h
index 3ddae01..50d600c 100644
--- a/media/codec2/sfplugin/InputSurfaceWrapper.h
+++ b/media/codec2/sfplugin/InputSurfaceWrapper.h
@@ -61,24 +61,24 @@
/// Input Surface configuration
struct Config {
// IN PARAMS (GBS)
- float mMinFps; // minimum fps (repeat frame to achieve this)
- float mMaxFps; // max fps (via frame drop)
- float mCaptureFps; // capture fps
- float mCodedFps; // coded fps
- bool mSuspended; // suspended
- int64_t mTimeOffsetUs; // time offset (input => codec)
- int64_t mSuspendAtUs; // suspend/resume time
- int64_t mStartAtUs; // start time
- bool mStopped; // stopped
- int64_t mStopAtUs; // stop time
+ float mMinFps = 0.0; // minimum fps (repeat frame to achieve this)
+ float mMaxFps = 0.0; // max fps (via frame drop)
+ float mCaptureFps = 0.0; // capture fps
+ float mCodedFps = 0.0; // coded fps
+ bool mSuspended = false; // suspended
+ int64_t mTimeOffsetUs = 0; // time offset (input => codec)
+ int64_t mSuspendAtUs = 0; // suspend/resume time
+ int64_t mStartAtUs = 0; // start time
+ bool mStopped = false; // stopped
+ int64_t mStopAtUs = 0; // stop time
// OUT PARAMS (GBS)
- int64_t mInputDelayUs; // delay between encoder input and surface input
+ int64_t mInputDelayUs = 0; // delay between encoder input and surface input
// IN PARAMS (CODEC WRAPPER)
- float mFixedAdjustedFps; // fixed fps via PTS manipulation
- float mMinAdjustedFps; // minimum fps via PTS manipulation
- uint64_t mUsage; // consumer usage
+ float mFixedAdjustedFps = 0.0; // fixed fps via PTS manipulation
+ float mMinAdjustedFps = 0.0; // minimum fps via PTS manipulation
+ uint64_t mUsage = 0; // consumer usage
};
/**
diff --git a/media/libmedia/IMediaPlayer.cpp b/media/libmedia/IMediaPlayer.cpp
index 8a4b17c..c89c023 100644
--- a/media/libmedia/IMediaPlayer.cpp
+++ b/media/libmedia/IMediaPlayer.cpp
@@ -20,6 +20,7 @@
#include <sys/types.h>
#include <android/IDataSource.h>
+#include <binder/IPCThreadState.h>
#include <binder/Parcel.h>
#include <gui/IGraphicBufferProducer.h>
#include <media/AudioResamplerPublic.h>
@@ -34,59 +35,37 @@
using media::VolumeShaper;
-enum {
- DISCONNECT = IBinder::FIRST_CALL_TRANSACTION,
- SET_DATA_SOURCE_URL,
- SET_DATA_SOURCE_FD,
- SET_DATA_SOURCE_STREAM,
- SET_DATA_SOURCE_CALLBACK,
- SET_DATA_SOURCE_RTP,
- SET_BUFFERING_SETTINGS,
- GET_BUFFERING_SETTINGS,
- PREPARE_ASYNC,
- START,
- STOP,
- IS_PLAYING,
- SET_PLAYBACK_SETTINGS,
- GET_PLAYBACK_SETTINGS,
- SET_SYNC_SETTINGS,
- GET_SYNC_SETTINGS,
- PAUSE,
- SEEK_TO,
- GET_CURRENT_POSITION,
- GET_DURATION,
- RESET,
- NOTIFY_AT,
- SET_AUDIO_STREAM_TYPE,
- SET_LOOPING,
- SET_VOLUME,
- INVOKE,
- SET_METADATA_FILTER,
- GET_METADATA,
- SET_AUX_EFFECT_SEND_LEVEL,
- ATTACH_AUX_EFFECT,
- SET_VIDEO_SURFACETEXTURE,
- SET_PARAMETER,
- GET_PARAMETER,
- SET_RETRANSMIT_ENDPOINT,
- GET_RETRANSMIT_ENDPOINT,
- SET_NEXT_PLAYER,
- APPLY_VOLUME_SHAPER,
- GET_VOLUME_SHAPER_STATE,
- // Modular DRM
- PREPARE_DRM,
- RELEASE_DRM,
- // AudioRouting
- SET_OUTPUT_DEVICE,
- GET_ROUTED_DEVICE_ID,
- ENABLE_AUDIO_DEVICE_CALLBACK,
-};
-
// ModDrm helpers
-static void readVector(const Parcel& reply, Vector<uint8_t>& vector) {
- uint32_t size = reply.readUint32();
- vector.insertAt((size_t)0, size);
- reply.read(vector.editArray(), size);
+static status_t readVector(const Parcel& reply, Vector<uint8_t>& vector) {
+ uint32_t size = 0;
+ status_t status = reply.readUint32(&size);
+ if (status == OK) {
+ status = size <= reply.dataAvail() ? OK : BAD_VALUE;
+ }
+ if (status == OK) {
+ status = vector.insertAt((size_t) 0, size) >= 0 ? OK : NO_MEMORY;
+ }
+ if (status == OK) {
+ status = reply.read(vector.editArray(), size);
+ }
+ if (status != OK) {
+ char errorMsg[100];
+ char buganizerId[] = "173720767";
+ snprintf(errorMsg,
+ sizeof(errorMsg),
+ "%s: failed to read array. Size: %d, status: %d.",
+ __func__,
+ size,
+ status);
+ android_errorWriteWithInfoLog(
+ /* safetyNet tag= */ 0x534e4554,
+ buganizerId,
+ IPCThreadState::self()->getCallingUid(),
+ errorMsg,
+ strlen(errorMsg));
+ ALOGE("%s (b/%s)", errorMsg, buganizerId);
+ }
+ return status;
}
static void writeVector(Parcel& data, Vector<uint8_t> const& vector) {
@@ -977,8 +956,10 @@
uint8_t uuid[16] = {};
data.read(uuid, sizeof(uuid));
Vector<uint8_t> drmSessionId;
- readVector(data, drmSessionId);
-
+ status_t status = readVector(data, drmSessionId);
+ if (status != OK) {
+ return status;
+ }
uint32_t result = prepareDrm(uuid, drmSessionId);
reply->writeInt32(result);
return OK;
diff --git a/media/libmedia/include/media/IMediaPlayer.h b/media/libmedia/include/media/IMediaPlayer.h
index 3548a1e..28684d1 100644
--- a/media/libmedia/include/media/IMediaPlayer.h
+++ b/media/libmedia/include/media/IMediaPlayer.h
@@ -137,6 +137,56 @@
virtual status_t setOutputDevice(audio_port_handle_t deviceId) = 0;
virtual status_t getRoutedDeviceId(audio_port_handle_t *deviceId) = 0;
virtual status_t enableAudioDeviceCallback(bool enabled) = 0;
+protected:
+
+ friend class IMediaPlayerTest;
+ enum {
+ DISCONNECT = IBinder::FIRST_CALL_TRANSACTION,
+ SET_DATA_SOURCE_URL,
+ SET_DATA_SOURCE_FD,
+ SET_DATA_SOURCE_STREAM,
+ SET_DATA_SOURCE_CALLBACK,
+ SET_DATA_SOURCE_RTP,
+ SET_BUFFERING_SETTINGS,
+ GET_BUFFERING_SETTINGS,
+ PREPARE_ASYNC,
+ START,
+ STOP,
+ IS_PLAYING,
+ SET_PLAYBACK_SETTINGS,
+ GET_PLAYBACK_SETTINGS,
+ SET_SYNC_SETTINGS,
+ GET_SYNC_SETTINGS,
+ PAUSE,
+ SEEK_TO,
+ GET_CURRENT_POSITION,
+ GET_DURATION,
+ RESET,
+ NOTIFY_AT,
+ SET_AUDIO_STREAM_TYPE,
+ SET_LOOPING,
+ SET_VOLUME,
+ INVOKE,
+ SET_METADATA_FILTER,
+ GET_METADATA,
+ SET_AUX_EFFECT_SEND_LEVEL,
+ ATTACH_AUX_EFFECT,
+ SET_VIDEO_SURFACETEXTURE,
+ SET_PARAMETER,
+ GET_PARAMETER,
+ SET_RETRANSMIT_ENDPOINT,
+ GET_RETRANSMIT_ENDPOINT,
+ SET_NEXT_PLAYER,
+ APPLY_VOLUME_SHAPER,
+ GET_VOLUME_SHAPER_STATE,
+ // Modular DRM
+ PREPARE_DRM,
+ RELEASE_DRM,
+ // AudioRouting
+ SET_OUTPUT_DEVICE,
+ GET_ROUTED_DEVICE_ID,
+ ENABLE_AUDIO_DEVICE_CALLBACK,
+ };
};
// ----------------------------------------------------------------------------
diff --git a/media/libmedia/tests/mediaplayer/Android.bp b/media/libmedia/tests/mediaplayer/Android.bp
new file mode 100644
index 0000000..0fff7b4
--- /dev/null
+++ b/media/libmedia/tests/mediaplayer/Android.bp
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "frameworks_av_media_libmedia_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["frameworks_av_media_libmedia_license"],
+}
+
+cc_test {
+ name: "IMediaPlayerTest",
+ test_suites: ["device-tests", "mts"],
+ gtest: true,
+
+ srcs: [
+ "IMediaPlayerTest.cpp",
+ ],
+
+ shared_libs: [
+ "libbinder",
+ "liblog",
+ "libmedia",
+ "libstagefright",
+ "libstagefright_foundation",
+ "libutils",
+ ],
+ compile_multilib: "first",
+ cflags: [
+ "-Werror",
+ "-Wall",
+ ],
+}
diff --git a/media/libmedia/tests/mediaplayer/IMediaPlayerTest.cpp b/media/libmedia/tests/mediaplayer/IMediaPlayerTest.cpp
new file mode 100644
index 0000000..097e8ef
--- /dev/null
+++ b/media/libmedia/tests/mediaplayer/IMediaPlayerTest.cpp
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <binder/IServiceManager.h>
+#include <binder/Parcel.h>
+#include <gtest/gtest.h>
+#include <media/stagefright/foundation/ABuffer.h>
+#include <media/IMediaPlayer.h>
+#include <media/IMediaPlayerService.h>
+#include <media/mediaplayer.h>
+
+namespace android {
+
+constexpr uint8_t kMockByteArray[16] = {};
+
+ class IMediaPlayerTest : public testing::Test {
+ protected:
+ static constexpr uint32_t PREPARE_DRM = IMediaPlayer::PREPARE_DRM;
+
+ void SetUp() override {
+ mediaPlayer_ = new MediaPlayer();
+ sp<IServiceManager> serviceManager = defaultServiceManager();
+ sp<IBinder> mediaPlayerService = serviceManager->getService(String16("media.player"));
+ sp<IMediaPlayerService> iMediaPlayerService =
+ IMediaPlayerService::asInterface(mediaPlayerService);
+ iMediaPlayer_ = iMediaPlayerService->create(mediaPlayer_);
+ }
+
+ sp<MediaPlayer> mediaPlayer_;
+ sp<IMediaPlayer> iMediaPlayer_;
+ };
+
+TEST_F(IMediaPlayerTest, PrepareDrmInvalidTransaction) {
+ Parcel data, reply;
+ data.writeInterfaceToken(iMediaPlayer_->getInterfaceDescriptor());
+ data.write(kMockByteArray, 16);
+
+ // We write a length greater than the following session id array. Should be discarded.
+ data.writeUint32(2);
+ data.writeUnpadded(kMockByteArray, 1);
+
+ status_t result = IMediaPlayer::asBinder(iMediaPlayer_)
+ ->transact(PREPARE_DRM, data, &reply);
+ ASSERT_EQ(result, BAD_VALUE);
+}
+
+TEST_F(IMediaPlayerTest, PrepareDrmValidTransaction) {
+ Parcel data, reply;
+ data.writeInterfaceToken(iMediaPlayer_->getInterfaceDescriptor());
+ data.write(kMockByteArray, 16);
+
+ // We write a length equal to the length of the following data. The transaction should be valid.
+ data.writeUint32(1);
+ data.write(kMockByteArray, 1);
+
+ status_t result = IMediaPlayer::asBinder(iMediaPlayer_)
+ ->transact(PREPARE_DRM, data, &reply);
+ ASSERT_EQ(result, OK);
+}
+} // namespace android
diff --git a/media/libstagefright/MediaCodec.cpp b/media/libstagefright/MediaCodec.cpp
index 4406efd..8681fa3 100644
--- a/media/libstagefright/MediaCodec.cpp
+++ b/media/libstagefright/MediaCodec.cpp
@@ -19,6 +19,8 @@
#define LOG_TAG "MediaCodec"
#include <utils/Log.h>
+#include <set>
+
#include <inttypes.h>
#include <stdlib.h>
@@ -201,6 +203,10 @@
// implements DeathRecipient
static void BinderDiedCallback(void* cookie);
void binderDied();
+ static Mutex sLockCookies;
+ static std::set<void*> sCookies;
+ static void addCookie(void* cookie);
+ static void removeCookie(void* cookie);
void addResource(const MediaResourceParcel &resource);
void removeResource(const MediaResourceParcel &resource);
@@ -227,8 +233,15 @@
}
MediaCodec::ResourceManagerServiceProxy::~ResourceManagerServiceProxy() {
+
+ // remove the cookie, so any in-flight death notification will get dropped
+ // by our handler.
+ removeCookie(this);
+
+ Mutex::Autolock _l(mLock);
if (mService != nullptr) {
AIBinder_unlinkToDeath(mService->asBinder().get(), mDeathRecipient.get(), this);
+ mService = nullptr;
}
}
@@ -240,6 +253,10 @@
return;
}
+ // so our handler will process the death notifications
+ addCookie(this);
+
+ // after this, require mLock whenever using mService
AIBinder_linkToDeath(mService->asBinder().get(), mDeathRecipient.get(), this);
// Kill clients pending removal.
@@ -247,9 +264,28 @@
}
//static
+Mutex MediaCodec::ResourceManagerServiceProxy::sLockCookies;
+std::set<void*> MediaCodec::ResourceManagerServiceProxy::sCookies;
+
+//static
+void MediaCodec::ResourceManagerServiceProxy::addCookie(void* cookie) {
+ Mutex::Autolock _l(sLockCookies);
+ sCookies.insert(cookie);
+}
+
+//static
+void MediaCodec::ResourceManagerServiceProxy::removeCookie(void* cookie) {
+ Mutex::Autolock _l(sLockCookies);
+ sCookies.erase(cookie);
+}
+
+//static
void MediaCodec::ResourceManagerServiceProxy::BinderDiedCallback(void* cookie) {
- auto thiz = static_cast<ResourceManagerServiceProxy*>(cookie);
- thiz->binderDied();
+ Mutex::Autolock _l(sLockCookies);
+ if (sCookies.find(cookie) != sCookies.end()) {
+ auto thiz = static_cast<ResourceManagerServiceProxy*>(cookie);
+ thiz->binderDied();
+ }
}
void MediaCodec::ResourceManagerServiceProxy::binderDied() {
diff --git a/media/libstagefright/foundation/ABuffer.cpp b/media/libstagefright/foundation/ABuffer.cpp
index c8965d9..c79384c 100644
--- a/media/libstagefright/foundation/ABuffer.cpp
+++ b/media/libstagefright/foundation/ABuffer.cpp
@@ -67,7 +67,7 @@
void ABuffer::setRange(size_t offset, size_t size) {
CHECK_LE(offset, mCapacity);
- CHECK_LE(offset + size, mCapacity);
+ CHECK_LE(size, mCapacity - offset);
mRangeOffset = offset;
mRangeLength = size;
diff --git a/media/utils/TimeCheck.cpp b/media/utils/TimeCheck.cpp
index 59d74de..819e146 100644
--- a/media/utils/TimeCheck.cpp
+++ b/media/utils/TimeCheck.cpp
@@ -39,10 +39,9 @@
static std::atomic<int> curAudioHalPids = 0;
if (update) {
- audioHalPids[(curAudioHalPids + 1) % kNumAudioHalPidsVectors] = *pids;
- curAudioHalPids++;
+ audioHalPids[(curAudioHalPids++ + 1) % kNumAudioHalPidsVectors] = *pids;
} else {
- *pids = audioHalPids[curAudioHalPids];
+ *pids = audioHalPids[curAudioHalPids % kNumAudioHalPidsVectors];
}
}