Sanity check IMemory access versus underlying mmap
Bug 26877992 Change-Id: Ibbf4b1061e4675e4e96bc944a865b53eaf6984fe
parent
28a83d4206
commit
a5d2913b07
@ -26,6 +26,7 @@
|
|||||||
#include <sys/mman.h>
|
#include <sys/mman.h>
|
||||||
|
|
||||||
#include <binder/IMemory.h>
|
#include <binder/IMemory.h>
|
||||||
|
#include <cutils/log.h>
|
||||||
#include <utils/KeyedVector.h>
|
#include <utils/KeyedVector.h>
|
||||||
#include <utils/threads.h>
|
#include <utils/threads.h>
|
||||||
#include <utils/Atomic.h>
|
#include <utils/Atomic.h>
|
||||||
@ -187,15 +188,26 @@ sp<IMemoryHeap> BpMemory::getMemory(ssize_t* offset, size_t* size) const
|
|||||||
if (heap != 0) {
|
if (heap != 0) {
|
||||||
mHeap = interface_cast<IMemoryHeap>(heap);
|
mHeap = interface_cast<IMemoryHeap>(heap);
|
||||||
if (mHeap != 0) {
|
if (mHeap != 0) {
|
||||||
mOffset = o;
|
size_t heapSize = mHeap->getSize();
|
||||||
mSize = s;
|
if (s <= heapSize
|
||||||
|
&& o >= 0
|
||||||
|
&& (static_cast<size_t>(o) <= heapSize - s)) {
|
||||||
|
mOffset = o;
|
||||||
|
mSize = s;
|
||||||
|
} else {
|
||||||
|
// Hm.
|
||||||
|
android_errorWriteWithInfoLog(0x534e4554,
|
||||||
|
"26877992", -1, NULL, 0);
|
||||||
|
mOffset = 0;
|
||||||
|
mSize = 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (offset) *offset = mOffset;
|
if (offset) *offset = mOffset;
|
||||||
if (size) *size = mSize;
|
if (size) *size = mSize;
|
||||||
return mHeap;
|
return (mSize > 0) ? mHeap : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
|
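Review bot: The rejection branch is explained only by `// Hm.`, which gives a maintainer no reason for the range check. A comment such as `// o and s presumably come from the remote side; reject any range that does not fit inside the mapped heap and record a security event` would state the invariant. It is also worth a short comment that `s <= heapSize` must stay ahead of `heapSize - s` in the condition, since that ordering is what keeps the unsigned subtraction from wrapping. Separately, `return (mSize > 0) ? mHeap : 0;` makes a legitimate zero-length region indistinguishable from a rejected one, so callers that used to receive a non-null heap now need a null check. getMemory's body starts above the hunk, so the declarations of `o` and `s` are not visible here.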