Differs slightly from mnc+ patch: GetFlattenedSize was fixed in mnc.
Test: Boot device, run poc from bug, observe no longer crashes
Bug: 37285689
AOSP-Change-Id: Id8b851733b088cce0d07493fbf76e7e24f9299ad
(cherry picked from commit 9809602ac32dcb7bceaa5bc34df5b7fb68aacd38)
CVE-2017-0666
Change-Id: I778c82b363ca0409d534f255cc5d17b39e751986
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlfO7kcACgkQ6K0/gZqxDniKDACfe+IKxeKXazFQSWgFI0CW9HUK
nuQAoIomQRV9NOdD2SVHJR1zyTKXx82E
=FStj
-----END PGP SIGNATURE-----
Merge tag 'android-6.0.1_r66' into HEAD
Android 6.0.1 release 66
# gpg: Signature made Tue 06 Sep 2016 09:26:47 AM PDT using DSA key ID 9AB10E78
# gpg: Can't check signature: public key not found
Reportedly Mali and PowerVR GPUs are crashing when setting handle to NULL
So we will set a flag for the devices that might need this aswell
Set BOARD_EGL_NEEDS_HANDLE_VALUE=true in BoardConfig.mk to use
Change-Id: I6c967f62dc6adced7583d7b2045d11cf5b25fc80
This reverts c784dfc39f for exynos4 devices
with Mali 400 GPUs, which causes a fatal signal (SIGSEGV) and death of
the graphics subsystem
Change-Id: I6dbf8f8664fca01baf63fece7c64016609fe3e1c
This change allows producers to set a generation number on a
BufferQueue. This number will be embedded in any new GraphicBuffers
created in that BufferQueue, and attempts to attach buffers which have
a different generation number will fail.
It also plumbs the setGenerationNumber method through Surface, with the
additional effect that any buffers attached to the Surface after
setting a new generation number will automatically be updated with the
new number (as opposed to failing, as would happen on through IGBP).
Bug: 20923096
Change-Id: I32bf726b035f99c3e5834beaf76afb9f01adcbc2
Applies GRALLOC_USAGE_ALLOC_MASK to the incoming usage bits before
calling alloc on the gralloc module. This filters out the new flag
GRALLOC_USAGE_FOREIGN_BUFFERS, which is used to send a hint to the
producer, but which does not affect the allocation of buffers.
Bug: 19801661
Change-Id: Ia37a3eddba2e97598e50ac3e10877430adfa9247
Surface::{cancel,queue}Buffer and GraphicBufferMapper::lockAsyncYCbCr take the
ownership of |fenceFd|s. Though they don't close it on error cases.
Change-Id: I49a7ce8837d5c510c4ac4ad4649f310d18610e80
(cherry picked from commit c7263fb432)
GraphicBufferMapper::lockAsync{,YCbCr} close the fence FD even when the FD
is invalid.
Change-Id: Ia2b4dae3b2c06426e34f623f19ba92435f486ab7
(cherry picked from commit dcfe91e1f3)
Adds a new method IGBP::allowAllocation, which controls whether
dequeueBuffer is permitted to allocate a new buffer. If allocation is
disallowed, dequeueBuffer will block or return an error as it
normally would (as controlled by *ControlledByApp).
If there are free buffers, but they are not of the correct dimensions,
format, or usage, they may be freed if a more suitable buffer is not
found first.
Bug: 19801715
Change-Id: I0d604958b78b2fd775c2547690301423f9a52165
BufferItem and GraphicBuffer were not parceling correctly, which had
not been noticed because the libgui tests (specifically, one that
tests placing a BufferQueue in a separate process from the IGBP/C)
had not been run recently. This change fixes the errors found in
those classes.
Change-Id: Ie224361a534a79115a3481d83ff97f21d154d4f5
This change adds support for passing surface damage all of the way
down from the EGL interface through the consumer side of the
BufferQueue. Depends on system/core change
Ie645e6a52b37b5c1b3be19481e8348570d1aa62c
Bug: 11239309
Change-Id: I4457ea826e9ade4ec187f973851d855b7b93a31b
Fence was flattening incorrectly, causing issues with any fields
flattened after it, and Region was relying on being the last object
flattened. This change addresses both.
Change-Id: If49de061de6e2f11f4d846b4d8c18627dfb7e109
There is memory corruption in below code
const Rect* prev = &dst[prevIndex];
dst.add(Rect(prev->right, top, right, bottom));
prev points to a memory of vector dst, when dst resize in add()
call, the memory that prev points to will be copy to the new
allocated vector memory and the old memory will become undefined
Avoid pointer in this case, use a local copy instead
Change-Id: I4d95ceedd00c8fb615ac153082ade1b1ce0d0fa8
- Wire up new dataSpace parameter through buffer queue stack
- Update tests to include the parameter
- Switch eglApi to using dataSpace to indicate sRGB gamma/linear
difference
- Remove RAW_SENSOR in favor of RAW16
- Remove use of sRGB format enums
- Add default dataspace to buffer queue core
- Add query for default dataspace
Cherry pick of I070bd2e7c56506055c419004c29e2e3feac725df
Change-Id: I461952389c18051176c6b75e664f20ad369f5760
There shouldn't be more than 4096 fds (probably signficantly smaller) and
there shouldn't be more than 4096 ints.
Cherry pick of I3a3e50ee3078a4710e9737114e65afc923ed0573
Bug: 18076253
Change-Id: I82a883572b401f115d252dcd3d00aa7252b49b0e
The Region::set(uint32_t,uint32_t) ABI is used by the Nexus 10 graphics
driver blobs.
After commit dd883c0b08, Nexus 10 blobs
need a rebuild unless the old ABI is added back
Change-Id: I138dcc1cc281b8d3cde0021282bf874054ec4eaf
Signed-off-by: Bernhard Rosenkraenzer <Bernhard.Rosenkranzer@linaro.org>
Enables -Weverything and -Werror, with just a few exceptions for
warnings we can't (or shouldn't need to) work around.
Change-Id: I470a267e9b1c373f2d5c960f005c3b0e02b2db63
(cherry picked from commit 303b9a5123)
Enables clang and C++11 for libui/libgui/surfaceflinger, and
eliminates all compile-time warnings.
Change-Id: Ie237fdb5ae44f2bfcddaa884f9c65ec3f08ae50f
(cherry picked from commit f10c46ef85)
Needed to build successfully when libc++ is the default STL.
Also fix a missing include. Not sure how this was getting by before.
Probably some transitive include.
Change-Id: Ie96b79e96b4e154d786fbf2d5ae5cf5892608837
If getNativeBuffer() is called on a NULL GraphicBuffer the
static_cast of this from GraphicBuffer* to ANativeWindowBuffer*
will return a small pointer like (ANativeWindowBuffer*)0x10.
This value can propagate past NULL checks until it causes a crash
far away from the original NULL pointer. Crash immediately
instead.
Change-Id: Id614b9eb1484108b3c3c733545309844c4b87532
The gralloc API now provides a way for using lock/unlock with the Android
explicit synchronisation concept. This changes updates the GraphicBuffer class
to also expose this functionality, and updates the Surface class to make use of
in line with the dequeueBuffer/queueBuffer mechanism.
This new behaviour is dependent on GRALLOC_MODULE_API_VERSION_0_3. If the local
gralloc module does not support this then the existing synchronous lock/unlock
mechanism will be used.
Change-Id: I8c3fd9592e0c5400ac9be84450f55a77cc0bbdc5
The gralloc API now provides a way for using lock/unlock with the Android
explicit synchronisation concept. This changes updates the GraphicBuffer class
to also expose this functionality, and updates the Surface class to make use of
in line with the dequeueBuffer/queueBuffer mechanism.
This new behaviour is dependent on GRALLOC_MODULE_API_VERSION_0_3. If the local
gralloc module does not support this then the existing synchronous lock/unlock
mechanism will be used.
Change-Id: I77daa1beb197b63b1c2f281b8414ac4ae4b5b03c
The Fence object was writing a size_t into the binder buffer
in flatten, which changes size if the producer and consumer
are running in a 32-bit and a 64-bit process. Use a uint32_t
instead.
Change-Id: Ifed526513800ce27f9d605101cddd922292cca37
Adds a globally-unique ID (PID + sequence number) to every
GraphicBuffer, which will remain the same while crossing Binder,
even if the underlying handles change.
Change-Id: Ib11330a4c5e99621b82204e0adb31b9a88658426
Chris Forbes