On klp-dev, UINT16_MAX isn't available unless __STDINT_LIMITS
is defined, which it's not for this code. This isn't relevant
for later branches due to bionic commit
e2a292d278b94fec3d078b1f1b27c1f89942c276
Don't use UINT16_MAX when we can just hardcode 65535.
Bug: 23905002
Change-Id: Ia1fd0f749cb7a4d19866075abc28ed6960424e54
fix klp-dev only build breakage.
frameworks/native/libs/input/Input.cpp: In member function 'android::status_t android::MotionEvent::readFromParcel(android::Parcel*)':
frameworks/native/libs/input/Input.cpp:494:47: error: 'UINT16_MAX' was not declared in this scope
Bug: 23905002
Change-Id: I4b6b864ca64d39a8873d045a61e0ddaea2ab9109
The uninitialized local variables pick up
whatever the memory content was there on stack.
This data gets sent to the remote process in
case of a failed transaction, which is a security
issue. Fixed.
(Partial manual merge of master change
12ba0f57d028a9c8f4eb3afddc326b70677d1e0c. Rest
to automerge from klp-dev)
For b/23696300
Change-Id: I704c9fab327b3545c58e8a9a96ac542eb7469c2a
The uninitialized local variables pick up
whatever the memory content was there on stack.
This data gets sent to the remote process in
case of a failed transaction, which is a security
issue. Fixed.
(Manual merge of master change
12ba0f57d028a9c8f4eb3afddc326b70677d1e0c )
For b/23696300
Change-Id: I665212d10da56f0803b5bb772d14c77e632ba2ab
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.
Bug 17312693
Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
(cherry picked from commit 27182be9f2)
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.
Bug 17312693
Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
(cherry picked from commit 27182be9f2)
The inputs to native_handle_create can cause an overflowed allocation,
so check the return value of native_handle_create before accessing
the memory it returns.
Bug:19334482
Change-Id: I1f489382776c2a1390793a79dc27ea17baa9b2a2
(cherry picked from commit eaac99a717)
There shouldn't be more than 4096 fds (probably signficantly smaller) and
there shouldn't be more than 4096 ints.
Bug: 18076253
Change-Id: I3a3e50ee3078a4710e9737114e65afc923ed0573
ANativeWindow::queueBuffer takes ownership of the fence fd passed to
it, and will close it before returning. SurfaceFlinger's screenshot
code was also closing the syncFd it passed to queueBuffer. Most of the
time this meant the second close() silently failed, but in a rare race
condition the file descriptor could be reused between the two
close()s.
Bug: 17946343
Change-Id: Ib74fcb1dce52cc21328059c99b7c4c76f41aa3a5
On one device there is a bug, not yet root-caused, that causes fence
fds to not make it across binder from producer to consumer in the
IGraphicBufferProducer::queueBuffer call. Rather than returning an
error, which the producer typically treats as a fatal error, this
change allows the buffer to be queued with no fence. This avoids an
application crash at the risk of (likely single-frame) visible
corruption.
Bug: 17946343
Change-Id: I9ca89f94098c455e1e90f5f58d5336c936b04a9c
Copies the /data/misc/keychain/cacert-* directories to all users on
the device, whereas previously they were simply copied to user 0.
This is a shallow copy so anything that wasn't supposed to be there
will disappear.
Bug: 17811821
Change-Id: Iae5909ab8d5efdb83c9c8fdf0e10ab7060d022cc
Print more details about the exact reason that an ANR has occurred.
Also start checking that the window actually has a registered
input connection that is not in a broken state. These windows
are supposed to be cleaned up by the window manager promptly
as if the app had crashed but the pattern of ANRs we are observing
suggests that broken windows might be sticking around longer than
they should.
Bug: 17721767
Change-Id: Ie2803a3fa9642381ecadc198fec15e1b70d93c20
mmap returns MAP_FAILED (which is -1) and not NULL on
failure.
Diagnosed by cferris.
bug: 17909809
Change-Id: I609788ebf94742ef88af002d2d3f3bc9b9e520ac
Temporary extra debug validation for b/17477219: a Parcel recipient is
getting a positive but invalid fd unexpectedly. Trying to track down
where it's coming from.
Debug code for bug: 17477219
Change-Id: Idb1e71621025a3928c7adc88fd44790e1abd2a01
Blobcache is not yet enabled for surfaceflinger (as it should be).
As a temporary workaround, generate all needed shaders during
surfaceflinger initialization instead of doing the compilation
on-demand during ui transitions.
Change-Id: I14455b20a3f85f177d85c9c8b76d8ccc35379b39
i) Call removeFd() only if the fd in the BitTube has been
previously added to the Looper. Use a flag to determine whether the fd
has been previously added or not.
ii) Increment mPendingFlushEventsToSend after holding a connectionLock.
iii) Store the number of acks that are pending in SensorEventQueue
and send them all at once.
Bug: 17472228
Change-Id: I1ec834fea1112a9cfbd9cddd2198438793698502
Robert Shih