Commit 5986d79b authored Jan 07, 2019 by Kostya Kortchinsky

Enable Scudo for mediaextractor

Scudo is a hardened usermode allocator that aims at mitigating
heap-based vulnerabilities (heap overflow, double free, etc).

See go/scudo-allocator for more information.

This change enables the allocator for the mediaextractor service,
effectively linking in the Scudo dynamic library to the binary.
Allocation functions will be serviced by the allocator.

The 'deallocation-type-mismatch' check had to be disabled as some
third party libraries were triggering it.

In the event of a heap bug detected, the allocator will abort the
process with a 'Scudo ERROR' message in the log followed by the cause
(corrupted header, invalid state & so on) and the stack trace.

Test: CtsMediaTestCases on a marlin
Bug: 63907455
Change-Id: I9e0ea03c0d39e723a880e7fcd761fe0718bbbacd

parent 58b9bd5b

services/mediaextractor/Android.mk

+1 −0

Original line number	Diff line number	Diff line
		@@ -46,6 +46,7 @@ LOCAL_MODULE:= mediaextractor
		LOCAL_INIT_RC := mediaextractor.rc
		LOCAL_C_INCLUDES := frameworks/av/media/libmedia
		LOCAL_CFLAGS := -Wall -Werror
		LOCAL_SANITIZE := scudo
		include $(BUILD_EXECUTABLE)

		# service seccomp filter

services/mediaextractor/main_extractorservice.cpp

+6 −0

Original line number	Diff line number	Diff line
		@@ -42,6 +42,12 @@ static const char kSystemSeccompPolicyPath[] =
		static const char kVendorSeccompPolicyPath[] =
		"/vendor/etc/seccomp_policy/mediaextractor.policy";

		// Disable Scudo's mismatch allocation check, as it is being triggered
		// by some third party code.
		extern "C" const char *__scudo_default_options() {
		return "DeallocationTypeMismatch=false";
		}

		int main(int argc __unused, char** argv)
		{
		limitProcessMemory(