gralloc1: Check input addresses for null
Change-Id: Iddfcc07e50d3503a69b3604e5bd7f025f2b20534
CRs-Fixed: 2114346
diff --git a/libgralloc1/gr_device_impl.cpp b/libgralloc1/gr_device_impl.cpp
index 03e42ab..d421ff1 100644
--- a/libgralloc1/gr_device_impl.cpp
+++ b/libgralloc1/gr_device_impl.cpp
@@ -347,6 +347,10 @@
gralloc1_error_t GrallocImpl::GetProducerUsage(gralloc1_device_t *device, buffer_handle_t buffer,
gralloc1_producer_usage_t *outUsage) {
+ if (!outUsage) {
+ return GRALLOC1_ERROR_BAD_VALUE;
+ }
+
gralloc1_error_t status = CheckDeviceAndHandle(device, buffer);
if (status == GRALLOC1_ERROR_NONE) {
const private_handle_t *hnd = PRIV_HANDLE_CONST(buffer);
@@ -358,6 +362,10 @@
gralloc1_error_t GrallocImpl::GetBufferStride(gralloc1_device_t *device, buffer_handle_t buffer,
uint32_t *outStride) {
+ if (!outStride) {
+ return GRALLOC1_ERROR_BAD_VALUE;
+ }
+
gralloc1_error_t status = CheckDeviceAndHandle(device, buffer);
if (status == GRALLOC1_ERROR_NONE) {
*outStride = UINT(PRIV_HANDLE_CONST(buffer)->GetStride());
@@ -373,6 +381,10 @@
return GRALLOC1_ERROR_BAD_DESCRIPTOR;
}
+ if (!device) {
+ return GRALLOC1_ERROR_BAD_VALUE;
+ }
+
GrallocImpl const *dev = GRALLOC_IMPL(device);
gralloc1_error_t status = dev->buf_mgr_->AllocateBuffers(num_descriptors, descriptors,
out_buffers);
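Review bot: `out_buffers` is forwarded to `buf_mgr_->AllocateBuffers` with no null check in the visible lines, although the other output pointers this commit touches are now validated. The guard that returns `GRALLOC1_ERROR_BAD_DESCRIPTOR` begins above the hunk, so it may already cover this argument. If it does not, extend the new test to `if (!device || !out_buffers) {`. The function's signature and the start of its body are outside the hunk.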
@@ -403,6 +415,10 @@
gralloc1_error_t GrallocImpl::GetNumFlexPlanes(gralloc1_device_t *device, buffer_handle_t buffer,
uint32_t *out_num_planes) {
+ if (!out_num_planes) {
+ return GRALLOC1_ERROR_BAD_VALUE;
+ }
+
gralloc1_error_t status = CheckDeviceAndHandle(device, buffer);
if (status == GRALLOC1_ERROR_NONE) {
GrallocImpl const *dev = GRALLOC_IMPL(device);
@@ -425,7 +441,8 @@
int32_t acquire_fence) {
ATRACE_CALL();
gralloc1_error_t status = CheckDeviceAndHandle(device, buffer);
- if (status != GRALLOC1_ERROR_NONE) {
+ if (status != GRALLOC1_ERROR_NONE || !out_data ||
+ !region) { // currently we ignore the region/rect client wants to lock
CloseFdIfValid(acquire_fence);
return status;
}
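Review bot: When `CheckDeviceAndHandle` succeeds but `out_data` or `region` is null, the merged condition takes the early return with `status` still equal to `GRALLOC1_ERROR_NONE`, so the caller is told the lock succeeded although nothing was locked and `*out_data` was never written. The next hunk deletes the `region == NULL` branch that used to return `GRALLOC1_ERROR_BAD_VALUE`, so a null `region` regresses from an error to a silent success. Keep the original `if (status != GRALLOC1_ERROR_NONE) {` and set the error just before it: `if (status == GRALLOC1_ERROR_NONE && (!out_data || !region)) status = GRALLOC1_ERROR_BAD_VALUE;`. `LockFlex` (the hunk at -470) calls this function and tests only for a non-NONE status, so it would presumably carry on with its zero-initialised `out_data`; the rest of its body is outside the hunk. The trailing comment about ignoring the region now sits next to a check that rejects a null region and reads as contradictory; the signature of this function also starts outside the hunk.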
@@ -452,13 +469,8 @@
// return GRALLOC1_ERROR_BAD_VALUE;
}
- // currently we ignore the region/rect client wants to lock
- if (region == NULL) {
- return GRALLOC1_ERROR_BAD_VALUE;
- }
// TODO(user): Need to check if buffer was allocated with the same flags
status = dev->buf_mgr_->LockBuffer(hnd, prod_usage, cons_usage);
-
*out_data = reinterpret_cast<void *>(hnd->base);
return status;
@@ -470,7 +482,12 @@
const gralloc1_rect_t *region,
struct android_flex_layout *out_flex_layout,
int32_t acquire_fence) {
- void *out_data;
+ if (!out_flex_layout) {
+ CloseFdIfValid(acquire_fence);
+ return GRALLOC1_ERROR_BAD_VALUE;
+ }
+
+ void *out_data {};
gralloc1_error_t status = GrallocImpl::LockBuffer(device, buffer, prod_usage, cons_usage, region,
&out_data, acquire_fence);
if (status != GRALLOC1_ERROR_NONE) {
@@ -486,11 +503,14 @@
gralloc1_error_t GrallocImpl::UnlockBuffer(gralloc1_device_t *device, buffer_handle_t buffer,
int32_t *release_fence) {
gralloc1_error_t status = CheckDeviceAndHandle(device, buffer);
-
if (status != GRALLOC1_ERROR_NONE) {
return status;
}
+ if (!release_fence) {
+ return GRALLOC1_ERROR_BAD_VALUE;
+ }
+
const private_handle_t *hnd = PRIV_HANDLE_CONST(buffer);
GrallocImpl const *dev = GRALLOC_IMPL(device);
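Review bot: The `release_fence` check is placed after `CheckDeviceAndHandle`, whereas `GetProducerUsage`, `GetBufferStride` and `GetNumFlexPlanes` in this same commit test their output pointer before it, so the error code a caller gets when both arguments are bad depends on the entry point. Use one validation order across the file and record it in a short comment, for example `// Validate device and handle first, then output pointers.`. The body of `UnlockBuffer` continues past the end of the hunk.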
@@ -500,6 +520,10 @@
}
gralloc1_error_t GrallocImpl::Gralloc1Perform(gralloc1_device_t *device, int operation, ...) {
+ if (!device) {
+ return GRALLOC1_ERROR_BAD_VALUE;
+ }
+
va_list args;
va_start(args, operation);
GrallocImpl const *dev = GRALLOC_IMPL(device);