Sanity check IMemory access versus underlying mmap (a5d2913b) · Commits · e / os / android_frameworks_native-old

libs/binder/IMemory.cpp

+15 −3

Original line number	Original line	Diff line number	Diff line
	@@ -26,6 +26,7 @@
	#include <sys/mman.h>		#include <sys/mman.h>

	#include <binder/IMemory.h>		#include <binder/IMemory.h>
			#include <cutils/log.h>
	#include <utils/KeyedVector.h>		#include <utils/KeyedVector.h>
	#include <utils/threads.h>		#include <utils/threads.h>
	#include <utils/Atomic.h>		#include <utils/Atomic.h>
	@@ -187,15 +188,26 @@ sp<IMemoryHeap> BpMemory::getMemory(ssize_t* offset, size_t* size) const
	if (heap != 0) {		if (heap != 0) {
	mHeap = interface_cast<IMemoryHeap>(heap);		mHeap = interface_cast<IMemoryHeap>(heap);
	if (mHeap != 0) {		if (mHeap != 0) {
			size_t heapSize = mHeap->getSize();
			if (s <= heapSize
			&& o >= 0
			&& (static_cast<size_t>(o) <= heapSize - s)) {
	mOffset = o;		mOffset = o;
	mSize = s;		mSize = s;
			} else {
			// Hm.
			android_errorWriteWithInfoLog(0x534e4554,
			"26877992", -1, NULL, 0);
			mOffset = 0;
			mSize = 0;
			}
	}		}
	}		}
	}		}
	}		}
	if (offset) *offset = mOffset;		if (offset) *offset = mOffset;
	if (size) *size = mSize;		if (size) *size = mSize;
	return mHeap;		return (mSize > 0) ? mHeap : 0;
	}		}

	// ---------------------------------------------------------------------------		// ---------------------------------------------------------------------------