gralloc1: Check input addresses for null

Change-Id: Iddfcc07e50d3503a69b3604e5bd7f025f2b20534
CRs-Fixed: 2114346
Saurabh Shah 2017-09-21 15:30:15 -07:00 committed by Alain Vongsouvanh
parent c348e7790e
commit 4ab72fe774
2 changed files with 93 additions and 11 deletions


@ -551,6 +551,10 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
int format = va_arg(args, int);
native_handle_t **handle = va_arg(args, native_handle_t **);
if (!handle) {
return GRALLOC1_ERROR_BAD_HANDLE;
}
private_handle_t *hnd = reinterpret_cast<private_handle_t *>(
native_handle_create(private_handle_t::kNumFds, private_handle_t::NumInts()));
if (hnd) {
@ -560,7 +564,7 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
hnd->flags = private_handle_t::PRIV_FLAGS_USES_ION;
hnd->size = size;
hnd->offset = offset;
hnd->base = uint64_t(base) + offset;
hnd->base = uint64_t(base);
hnd->gpuaddr = 0;
BufferInfo info(width, height, format);
GetAlignedWidthAndHeight(info, &alignedw, &alignedh);
@ -578,6 +582,11 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
int format = va_arg(args, int);
int *stride = va_arg(args, int *);
unsigned int alignedw = 0, alignedh = 0;
if (!stride) {
return GRALLOC1_ERROR_BAD_VALUE;
}
BufferInfo info(width, width, format);
GetAlignedWidthAndHeight(info, &alignedw, &alignedh);
*stride = INT(alignedw);
@ -590,6 +599,10 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
return GRALLOC1_ERROR_BAD_HANDLE;
}
if (!stride) {
return GRALLOC1_ERROR_BAD_VALUE;
}
BufferDim_t buffer_dim;
if (getMetaData(hnd, GET_BUFFER_GEOMETRY, &buffer_dim) == 0) {
*stride = buffer_dim.sliceWidth;
@ -607,6 +620,10 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
return GRALLOC1_ERROR_BAD_HANDLE;
}
if (!stride || !height) {
return GRALLOC1_ERROR_BAD_VALUE;
}
BufferDim_t buffer_dim;
if (getMetaData(hnd, GET_BUFFER_GEOMETRY, &buffer_dim) == 0) {
*stride = buffer_dim.sliceWidth;
@ -631,6 +648,10 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
int *aligned_width = va_arg(args, int *);
int *aligned_height = va_arg(args, int *);
int *tile_enabled = va_arg(args, int *);
if (!aligned_width || !aligned_height || !tile_enabled) {
return GRALLOC1_ERROR_BAD_VALUE;
}
unsigned int alignedw, alignedh;
BufferInfo info(width, height, format, prod_usage, cons_usage);
*tile_enabled = IsUBwcEnabled(format, prod_usage, cons_usage);
@ -642,9 +663,15 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
case GRALLOC_MODULE_PERFORM_GET_COLOR_SPACE_FROM_HANDLE: {
private_handle_t *hnd = va_arg(args, private_handle_t *);
int *color_space = va_arg(args, int *);
if (private_handle_t::validate(hnd) != 0) {
return GRALLOC1_ERROR_BAD_HANDLE;
}
if (!color_space) {
return GRALLOC1_ERROR_BAD_VALUE;
}
*color_space = 0;
#ifdef USE_COLOR_METADATA
ColorMetaData color_metadata;
@ -676,6 +703,11 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
if (private_handle_t::validate(hnd) != 0) {
return GRALLOC1_ERROR_BAD_HANDLE;
}
if (!ycbcr) {
return GRALLOC1_ERROR_BAD_VALUE;
}
if (GetYUVPlaneInfo(hnd, ycbcr)) {
return GRALLOC1_ERROR_UNDEFINED;
}
@ -684,10 +716,15 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
case GRALLOC_MODULE_PERFORM_GET_MAP_SECURE_BUFFER_INFO: {
private_handle_t *hnd = va_arg(args, private_handle_t *);
int *map_secure_buffer = va_arg(args, int *);
if (private_handle_t::validate(hnd) != 0) {
return GRALLOC1_ERROR_BAD_HANDLE;
}
if (!map_secure_buffer) {
return GRALLOC1_ERROR_BAD_VALUE;
}
if (getMetaData(hnd, GET_MAP_SECURE_BUFFER, map_secure_buffer) == 0) {
*map_secure_buffer = 0;
}
@ -696,9 +733,15 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
case GRALLOC_MODULE_PERFORM_GET_UBWC_FLAG: {
private_handle_t *hnd = va_arg(args, private_handle_t *);
int *flag = va_arg(args, int *);
if (private_handle_t::validate(hnd) != 0) {
return GRALLOC1_ERROR_BAD_HANDLE;
}
if (!flag) {
return GRALLOC1_ERROR_BAD_VALUE;
}
*flag = hnd->flags &private_handle_t::PRIV_FLAGS_UBWC_ALIGNED;
int linear_format = 0;
if (getMetaData(hnd, GET_LINEAR_FORMAT, &linear_format) == 0) {
@ -711,9 +754,15 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
case GRALLOC_MODULE_PERFORM_GET_RGB_DATA_ADDRESS: {
private_handle_t *hnd = va_arg(args, private_handle_t *);
void **rgb_data = va_arg(args, void **);
if (private_handle_t::validate(hnd) != 0) {
return GRALLOC1_ERROR_BAD_HANDLE;
}
if (!rgb_data) {
return GRALLOC1_ERROR_BAD_VALUE;
}
if (GetRgbDataAddress(hnd, rgb_data)) {
return GRALLOC1_ERROR_UNDEFINED;
}
@ -730,6 +779,11 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
uint32_t *aligned_width = va_arg(args, uint32_t *);
uint32_t *aligned_height = va_arg(args, uint32_t *);
uint32_t *size = va_arg(args, uint32_t *);
if (!aligned_width || !aligned_height || !size) {
return GRALLOC1_ERROR_BAD_VALUE;
}
auto info = BufferInfo(width, height, format, producer_usage, consumer_usage);
GetBufferSizeAndDimensions(info, size, aligned_width, aligned_height);
// Align size
@ -737,8 +791,6 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
*size = ALIGN(*size, align);
} break;
// TODO(user): Break out similar functionality, preferably moving to a common lib.
case GRALLOC1_MODULE_PERFORM_ALLOCATE_BUFFER: {
int width = va_arg(args, int);
int height = va_arg(args, int);
@ -758,9 +810,15 @@ gralloc1_error_t BufferManager::Perform(int operation, va_list args) {
case GRALLOC1_MODULE_PERFORM_GET_INTERLACE_FLAG: {
private_handle_t *hnd = va_arg(args, private_handle_t *);
int *flag = va_arg(args, int *);
if (private_handle_t::validate(hnd) != 0) {
return GRALLOC1_ERROR_BAD_HANDLE;
}
if (!flag) {
return GRALLOC1_ERROR_BAD_VALUE;
}
if (getMetaData(hnd, GET_PP_PARAM_INTERLACED, flag) != 0) {
*flag = 0;
}
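Review bot: The GRALLOC_MODULE_PERFORM_GET_MAP_SECURE_BUFFER_INFO case still zeroes `*map_secure_buffer` when getMetaData() returns 0, which the other cases on this page treat as success (the GET_BUFFER_GEOMETRY callers read `buffer_dim` on `== 0`, and GET_INTERLACE_FLAG zeroes its output on `!= 0`). If that reading is right, a successful lookup is overwritten with 0 and a failed one leaves the caller's int unset, so the secure-mapping decision rests on a value this function never defined. Since the commit already touches this case, the condition should probably become `if (getMetaData(hnd, GET_MAP_SECURE_BUFFER, map_secure_buffer) != 0) {`. Separately, the hunk at line 564 appears to drop `+ offset` from `hnd->base`, a behaviour change the commit message ("Check input addresses for null") does not mention and that deserves a line in the description.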


@ -344,6 +344,10 @@ gralloc1_error_t GrallocImpl::GetLayerCount(gralloc1_device_t *device, buffer_ha
gralloc1_error_t GrallocImpl::GetProducerUsage(gralloc1_device_t *device, buffer_handle_t buffer,
gralloc1_producer_usage_t *outUsage) {
if (!outUsage) {
return GRALLOC1_ERROR_BAD_VALUE;
}
gralloc1_error_t status = CheckDeviceAndHandle(device, buffer);
if (status == GRALLOC1_ERROR_NONE) {
const private_handle_t *hnd = PRIV_HANDLE_CONST(buffer);
@ -355,6 +359,10 @@ gralloc1_error_t GrallocImpl::GetProducerUsage(gralloc1_device_t *device, buffer
gralloc1_error_t GrallocImpl::GetBufferStride(gralloc1_device_t *device, buffer_handle_t buffer,
uint32_t *outStride) {
if (!outStride) {
return GRALLOC1_ERROR_BAD_VALUE;
}
gralloc1_error_t status = CheckDeviceAndHandle(device, buffer);
if (status == GRALLOC1_ERROR_NONE) {
*outStride = UINT(PRIV_HANDLE_CONST(buffer)->GetStride());
@ -370,6 +378,10 @@ gralloc1_error_t GrallocImpl::AllocateBuffers(gralloc1_device_t *device, uint32_
return GRALLOC1_ERROR_BAD_DESCRIPTOR;
}
if (!device) {
return GRALLOC1_ERROR_BAD_VALUE;
}
GrallocImpl const *dev = GRALLOC_IMPL(device);
gralloc1_error_t status = dev->buf_mgr_->AllocateBuffers(num_descriptors, descriptors,
out_buffers);
@ -401,6 +413,10 @@ gralloc1_error_t GrallocImpl::ReleaseBuffer(gralloc1_device_t *device, buffer_ha
gralloc1_error_t GrallocImpl::GetNumFlexPlanes(gralloc1_device_t *device, buffer_handle_t buffer,
uint32_t *out_num_planes) {
if (!out_num_planes) {
return GRALLOC1_ERROR_BAD_VALUE;
}
gralloc1_error_t status = CheckDeviceAndHandle(device, buffer);
if (status == GRALLOC1_ERROR_NONE) {
GrallocImpl const *dev = GRALLOC_IMPL(device);
@ -422,7 +438,8 @@ gralloc1_error_t GrallocImpl::LockBuffer(gralloc1_device_t *device, buffer_handl
const gralloc1_rect_t *region, void **out_data,
int32_t acquire_fence) {
gralloc1_error_t status = CheckDeviceAndHandle(device, buffer);
if (status != GRALLOC1_ERROR_NONE) {
if (status != GRALLOC1_ERROR_NONE || !out_data ||
!region) { // currently we ignore the region/rect client wants to lock
CloseFdIfValid(acquire_fence);
return status;
}
@ -447,13 +464,8 @@ gralloc1_error_t GrallocImpl::LockBuffer(gralloc1_device_t *device, buffer_handl
// return GRALLOC1_ERROR_BAD_VALUE;
}
// currently we ignore the region/rect client wants to lock
if (region == NULL) {
return GRALLOC1_ERROR_BAD_VALUE;
}
// TODO(user): Need to check if buffer was allocated with the same flags
status = dev->buf_mgr_->LockBuffer(hnd, prod_usage, cons_usage);
*out_data = reinterpret_cast<void *>(hnd->base);
return status;
@ -465,7 +477,12 @@ gralloc1_error_t GrallocImpl::LockFlex(gralloc1_device_t *device, buffer_handle_
const gralloc1_rect_t *region,
struct android_flex_layout *out_flex_layout,
int32_t acquire_fence) {
void *out_data;
if (!out_flex_layout) {
CloseFdIfValid(acquire_fence);
return GRALLOC1_ERROR_BAD_VALUE;
}
void *out_data {};
gralloc1_error_t status = GrallocImpl::LockBuffer(device, buffer, prod_usage, cons_usage, region,
&out_data, acquire_fence);
if (status != GRALLOC1_ERROR_NONE) {
@ -481,11 +498,14 @@ gralloc1_error_t GrallocImpl::LockFlex(gralloc1_device_t *device, buffer_handle_
gralloc1_error_t GrallocImpl::UnlockBuffer(gralloc1_device_t *device, buffer_handle_t buffer,
int32_t *release_fence) {
gralloc1_error_t status = CheckDeviceAndHandle(device, buffer);
if (status != GRALLOC1_ERROR_NONE) {
return status;
}
if (!release_fence) {
return GRALLOC1_ERROR_BAD_VALUE;
}
const private_handle_t *hnd = PRIV_HANDLE_CONST(buffer);
GrallocImpl const *dev = GRALLOC_IMPL(device);
@ -495,6 +515,10 @@ gralloc1_error_t GrallocImpl::UnlockBuffer(gralloc1_device_t *device, buffer_han
}
gralloc1_error_t GrallocImpl::Gralloc1Perform(gralloc1_device_t *device, int operation, ...) {
if (!device) {
return GRALLOC1_ERROR_BAD_VALUE;
}
va_list args;
va_start(args, operation);
GrallocImpl const *dev = GRALLOC_IMPL(device);
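Review bot: LockBuffer's combined guard returns `status`, and when only `out_data` or `region` is null that value is GRALLOC1_ERROR_NONE, so the caller is told the lock succeeded although nothing was locked and `*out_data` was never written. The `region == NULL` branch that this commit removes returned GRALLOC1_ERROR_BAD_VALUE; keep that result by returning `status != GRALLOC1_ERROR_NONE ? status : GRALLOC1_ERROR_BAD_VALUE;` inside the guard. LockFlex depends on this: it forwards `region` and its own null-initialised `out_data`, so with a null `region` its `status != GRALLOC1_ERROR_NONE` check passes while `out_data` is still null. What LockFlex then does with that pointer lies outside the hunk, as does the rest of LockBuffer's body.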