Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ac5f5cad authored by Gopalakrishnan Nallasamy's avatar Gopalakrishnan Nallasamy
Browse files

[RESTRICT AUTOMERGE] C2AllocatorIon:protect mMappings using mutex 

Use mutex to prevent multiple threads accessing same member of
mMappings list at the same time.

Bug: 193790350

Test: adb shell UBSAN_OPTIONS=print_stacktrace=1 /data/local/tmp/C2FuzzerMp3Dec -rss_limit_mb=2560 -timeout=90 -runs=100 /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerMp3Dec-5713156165206016
Change-Id: I24e53629d5a6dfad22b84dd2278eb1a288c9ab35
(cherry picked from commit 9d2295f3)
parent b240660c

media/codec2/vndk/C2AllocatorIon.cpp

+22 −15
Original line number Diff line number Diff line
@@ -238,6 +238,7 @@ public: 


        c2_status_t err = mapInternal(mapSize, mapOffset, alignmentBytes, prot, flags, &(map.addr), addr);

        if (map.addr) {

            std::lock_guard<std::mutex> guard(mMutexMappings);

            mMappings.push_back(map);

        }

        return err;
@@ -248,6 +249,8 @@ public: 
            ALOGD("tried to unmap unmapped buffer");

            return C2_NOT_FOUND;

        }

        { // Scope for the lock_guard of mMutexMappings.

            std::lock_guard<std::mutex> guard(mMutexMappings);

            for (auto it = mMappings.begin(); it != mMappings.end(); ++it) {

                if (addr != (uint8_t *)it->addr + it->alignmentBytes ||

                        size + it->alignmentBytes != it->size) {
@@ -262,9 +265,11 @@ public: 
                    *fence = C2Fence(); // not using fences

                }

                (void)mMappings.erase(it);

            ALOGV("successfully unmapped: %d", mHandle.bufferFd());

                ALOGV("successfully unmapped: addr=%p size=%zu fd=%d", addr, size,

                          mHandle.bufferFd());

                return C2_OK;

            }

        }

        ALOGD("unmap failed to find specified map");

        return C2_BAD_VALUE;

    }
@@ -272,6 +277,7 @@ public: 
    virtual ~Impl() {

        if (!mMappings.empty()) {

            ALOGD("Dangling mappings!");

            std::lock_guard<std::mutex> guard(mMutexMappings);

            for (const Mapping &map : mMappings) {

                (void)munmap(map.addr, map.size);

            }
@@ -351,6 +357,7 @@ protected: 
        size_t size;

    };

    std::list<Mapping> mMappings;

    std::mutex mMutexMappings;

};



class C2AllocationIon::ImplV2 : public C2AllocationIon::Impl {