commit c02430d3645d46d69946cea73d77db5537d22d95
author Ashish Jain <ashishj@codeaurora.org> Mon Jan 04 10:42:43 2016 +0530
committer Ashish Jain <ashishj@codeaurora.org> Mon Jan 04 10:42:43 2016 +0530
tree a569ae947a9e3b01e52e2475fce3adc2623004e2
parent 9042760ed1a0e83a1cdd41f44d728de6e13bdf7c

hal: Fix illegal access of member variable without initialization

-In case of record usecase, out stream is not initialized,
if still accessed might result in illegal memory access
leading to heap corruption.
-Ensure access to out stream only in case of playback usecase.
-Add check to send correct app type in case of feedback speaker
potection. refer change:I033034cad6eb1886e2afa7a6875d18c3391b46c1

Change-Id: Ia70a8d69beb3ce1cb6c742977bd4ec23df3b0b77

hal/audio_extn/utils.c

diff --git a/hal/audio_extn/utils.c b/hal/audio_extn/utils.c
index ce49745..d91763e 100644
--- a/hal/audio_extn/utils.c
+++ b/hal/audio_extn/utils.c
@@ -609,31 +609,52 @@
         rc = -EINVAL;
         goto exit_send_app_type_cfg;
     }
-    if ((24 == usecase->stream.out->bit_width) &&
-        (usecase->stream.out->devices & AUDIO_DEVICE_OUT_SPEAKER)) {
-        usecase->stream.out->app_type_cfg.sample_rate = DEFAULT_OUTPUT_SAMPLING_RATE;
-    } else if (!audio_is_this_native_usecase(usecase) ||
-        (usecase->stream.out->sample_rate < OUTPUT_SAMPLING_RATE_44100)) {
-        usecase->stream.out->app_type_cfg.sample_rate = DEFAULT_OUTPUT_SAMPLING_RATE;
-    }
-    sample_rate = usecase->stream.out->app_type_cfg.sample_rate;
+    if ((usecase->type == PCM_PLAYBACK) && (usecase->stream.out == NULL)) {
+         sample_rate = DEFAULT_OUTPUT_SAMPLING_RATE;
+         app_type_cfg[len++] = platform_get_default_app_type(adev->platform);
+         app_type_cfg[len++] = acdb_dev_id;
+         app_type_cfg[len++] = sample_rate;
+         ALOGI("%s PLAYBACK app_type %d, acdb_dev_id %d, sample_rate %d",
+               __func__, platform_get_default_app_type(adev->platform), acdb_dev_id, sample_rate);
+    } else if (usecase->type == PCM_PLAYBACK) {
 
-    property_get("audio.playback.mch.downsample",value,"");
-    if (!strncmp("true", value, sizeof("true"))) {
-        if ((popcount(usecase->stream.out->channel_mask) > 2) &&
-               (usecase->stream.out->app_type_cfg.sample_rate > CODEC_BACKEND_DEFAULT_SAMPLE_RATE) &&
-               !(usecase->stream.out->flags & AUDIO_OUTPUT_FLAG_COMPRESS_PASSTHROUGH))
-           sample_rate = CODEC_BACKEND_DEFAULT_SAMPLE_RATE;
-    }
+         if ((24 == usecase->stream.out->bit_width) &&
+             (usecase->stream.out->devices & AUDIO_DEVICE_OUT_SPEAKER)) {
+             usecase->stream.out->app_type_cfg.sample_rate = DEFAULT_OUTPUT_SAMPLING_RATE;
+         } else if (!audio_is_this_native_usecase(usecase) ||
+             (usecase->stream.out->sample_rate < OUTPUT_SAMPLING_RATE_44100)) {
+             usecase->stream.out->app_type_cfg.sample_rate = DEFAULT_OUTPUT_SAMPLING_RATE;
+         }
+         sample_rate = usecase->stream.out->app_type_cfg.sample_rate;
 
-    app_type_cfg[len++] = usecase->stream.out->app_type_cfg.app_type;
-    app_type_cfg[len++] = acdb_dev_id;
-    if (((usecase->stream.out->format == AUDIO_FORMAT_E_AC3) ||
-        (usecase->stream.out->format == AUDIO_FORMAT_E_AC3_JOC)) &&
-        (usecase->stream.out->flags  & AUDIO_OUTPUT_FLAG_COMPRESS_PASSTHROUGH))
-        app_type_cfg[len++] = sample_rate * 4;
-    else
-        app_type_cfg[len++] = sample_rate;
+         property_get("audio.playback.mch.downsample",value,"");
+         if (!strncmp("true", value, sizeof("true"))) {
+             if ((popcount(usecase->stream.out->channel_mask) > 2) &&
+                    (usecase->stream.out->app_type_cfg.sample_rate > CODEC_BACKEND_DEFAULT_SAMPLE_RATE) &&
+                    !(usecase->stream.out->flags & AUDIO_OUTPUT_FLAG_COMPRESS_PASSTHROUGH))
+                sample_rate = CODEC_BACKEND_DEFAULT_SAMPLE_RATE;
+         }
+
+         app_type_cfg[len++] = usecase->stream.out->app_type_cfg.app_type;
+         app_type_cfg[len++] = acdb_dev_id;
+         if (((usecase->stream.out->format == AUDIO_FORMAT_E_AC3) ||
+             (usecase->stream.out->format == AUDIO_FORMAT_E_AC3_JOC)) &&
+             (usecase->stream.out->flags  & AUDIO_OUTPUT_FLAG_COMPRESS_PASSTHROUGH))
+             app_type_cfg[len++] = sample_rate * 4;
+         else
+             app_type_cfg[len++] = sample_rate;
+
+         ALOGI("%s PLAYBACK app_type %d, acdb_dev_id %d, sample_rate %d",
+             __func__, usecase->stream.out->app_type_cfg.app_type, acdb_dev_id, sample_rate);
+
+    } else if (usecase->type == PCM_CAPTURE) {
+         app_type_cfg[len++] = platform_get_default_app_type_v2(adev->platform, usecase->type);
+         app_type_cfg[len++] = acdb_dev_id;
+         app_type_cfg[len++] = sample_rate;
+         ALOGI("%s CAPTURE app_type %d, acdb_dev_id %d, sample_rate %d",
+           __func__, platform_get_default_app_type_v2(adev->platform, usecase->type),
+           acdb_dev_id, sample_rate);
+    }
 
     mixer_ctl_set_array(ctl, app_type_cfg, len);
     rc = 0;