diff --git a/media/codec2/vndk/platform/C2SurfaceSyncObj.cpp b/media/codec2/vndk/platform/C2SurfaceSyncObj.cpp index e55bdc0047..bbbd03efeb 100644 --- a/media/codec2/vndk/platform/C2SurfaceSyncObj.cpp +++ b/media/codec2/vndk/platform/C2SurfaceSyncObj.cpp @@ -64,6 +64,11 @@ std::shared_ptr C2SurfaceSyncMemory::Import( } HandleSyncMem *o = static_cast(handle); + if (o->size() < sizeof(C2SyncVariables)) { + android_errorWriteLog(0x534e4554, "240140929"); + return nullptr; + } + void *ptr = mmap(NULL, o->size(), PROT_READ | PROT_WRITE, MAP_SHARED, o->memFd(), 0); if (ptr == MAP_FAILED) { diff --git a/media/libstagefright/NuMediaExtractor.cpp b/media/libstagefright/NuMediaExtractor.cpp index 2b45f2d16d..5b39618ad7 100644 --- a/media/libstagefright/NuMediaExtractor.cpp +++ b/media/libstagefright/NuMediaExtractor.cpp @@ -639,9 +639,11 @@ status_t NuMediaExtractor::appendVorbisNumPageSamples( numPageSamples = -1; } + // insert, including accounting for the space used. memcpy((uint8_t *)buffer->data() + mbuf->range_length(), &numPageSamples, sizeof(numPageSamples)); + buffer->setRange(buffer->offset(), buffer->size() + sizeof(numPageSamples)); uint32_t type; const void *data; @@ -690,6 +692,8 @@ status_t NuMediaExtractor::readSampleData(const sp &buffer) { ssize_t minIndex = fetchAllTrackSamples(); + buffer->setRange(0, 0); // start with an empty buffer + if (minIndex < 0) { return ERROR_END_OF_STREAM; } @@ -705,25 +709,25 @@ status_t NuMediaExtractor::readSampleData(const sp &buffer) { sampleSize += sizeof(int32_t); } + // capacity() is ok since we cleared out the buffer if (buffer->capacity() < sampleSize) { return -ENOMEM; } + const size_t srclen = it->mBuffer->range_length(); const uint8_t *src = (const uint8_t *)it->mBuffer->data() + it->mBuffer->range_offset(); - memcpy((uint8_t *)buffer->data(), src, it->mBuffer->range_length()); + memcpy((uint8_t *)buffer->data(), src, srclen); + buffer->setRange(0, srclen); status_t err = OK; if (info->mTrackFlags & kIsVorbis) { + // adjusts range when it inserts the extra bits err = appendVorbisNumPageSamples(it->mBuffer, buffer); } - if (err == OK) { - buffer->setRange(0, sampleSize); - } - return err; } diff --git a/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp b/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp index 583ff01f34..f8b1d927db 100644 --- a/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp +++ b/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp @@ -711,8 +711,29 @@ Status AudioPolicyService::startInput(int32_t portIdAidl) Mutex::Autolock _l(mLock); + ALOGW_IF(client->silenced, "startInput on silenced input for port %d, uid %d. Unsilencing.", + portIdAidl, + client->attributionSource.uid); + + if (client->active) { + ALOGE("Client should never be active before startInput. Uid %d port %d", + client->attributionSource.uid, portId); + finishRecording(client->attributionSource, client->attributes.source); + return binderStatusFromStatusT(INVALID_OPERATION); + } + + // Force the possibly silenced client to be unsilenced since we just called + // startRecording (i.e. we have assumed it is unsilenced). + // At this point in time, the client is inactive, so no calls to appops are sent in + // setAppState_l. + // This ensures existing clients have the same behavior as new clients (starting unsilenced). + // TODO(b/282076713) + setAppState_l(client, APP_STATE_TOP); + client->active = true; client->startTimeNs = systemTime(); + // This call updates the silenced state, and since we are active, appropriately notifies appops + // if we silence the track. updateUidStates_l(); status_t status;