Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 926b82fa authored by ilewis's avatar ilewis
Browse files

Remove integer sanitization from ringbuffer pointer arithmetic 

The AudioTrackShared ringbuffer uses int32 positions and allows overflow.
This confuses the integer sanitization code and makes it panic.
The simplest solution for now seems to be to remove sanitization
from the methods that touch the ringbuffer pointers.

Bug 27680456

Change-Id: Ie4d7daf0fb1e4e223ee97c412af7b1bd9c6916eb
parent 7f7052f5

media/libmedia/AudioTrackShared.cpp

+5 −0
Original line number Diff line number Diff line
@@ -106,6 +106,7 @@ uint32_t ClientProxy::setBufferSizeInFrames(uint32_t size) 
    return clippedSize;

}



__attribute__((no_sanitize("integer")))

status_t ClientProxy::obtainBuffer(Buffer* buffer, const struct timespec *requested,

        struct timespec *elapsed)

{
@@ -331,6 +332,7 @@ end: 
    return status;

}



__attribute__((no_sanitize("integer")))

void ClientProxy::releaseBuffer(Buffer* buffer)

{

    LOG_ALWAYS_FATAL_IF(buffer == NULL);
@@ -618,6 +620,7 @@ ServerProxy::ServerProxy(audio_track_cblk_t* cblk, void *buffers, size_t frameCo 
    cblk->mBufferSizeInFrames = frameCount;

}



__attribute__((no_sanitize("integer")))

status_t ServerProxy::obtainBuffer(Buffer* buffer, bool ackFlush)

{

    LOG_ALWAYS_FATAL_IF(buffer == NULL || buffer->mFrameCount == 0);
@@ -727,6 +730,7 @@ no_init: 
    return NO_INIT;

}



__attribute__((no_sanitize("integer")))

void ServerProxy::releaseBuffer(Buffer* buffer)

{

    LOG_ALWAYS_FATAL_IF(buffer == NULL);
@@ -779,6 +783,7 @@ void ServerProxy::releaseBuffer(Buffer* buffer) 


// ---------------------------------------------------------------------------



__attribute__((no_sanitize("integer")))

size_t AudioTrackServerProxy::framesReady()

{

    LOG_ALWAYS_FATAL_IF(!mIsOut);