DO NOT MERGE opengl: Fix QemuPipeStream::readFully reading beyond end of buffer

--- This is a back-port of AOSP change 4a7e93da by Yu Ning; the description of the original patch follows below ---

When GPU emulation is enabled, the emulator sometimes freezes, with an
error message in logcat similar to the following:

 QemuPipeStream::readFully failed (buf 0x7f9cd8ab8000): Bad address

Some users have reported the same issue, e.g.:

 https://code.google.com/p/android/issues/detail?id=170633

The root cause is that QemuPipeStream::readFully(void *buf, size_t len)
may attempt to read beyond (buf + len), resulting in a -EFAULT return
value from the goldfish/qemu pipe driver.

Fix this bug to improve the stability of the emulator. In addition,

 - Add more information to the said error message to facilitate future
   debugging.
 - Use "%zu" instead of "%d" for logging size_t variables.

Change-Id: I8785fee0427fd6c0f25237470b346e769a82c992
Signed-off-by: Yu Ning <yu.ning@intel.com>
Signed-off-by: Pengcheng Chen <pengcheng.chen@intel.com>
Konstantinos Menychtas
2015-07-17 15:23:01 -07:00
parent 7bf71cfb09
commit 0e94cee9e4
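To make the bug described in the commit message concrete, the following C example is added here; it is not code from the emulator or from this commit. It runs the pre-patch and patched read loops against a constructed reader that serves 5-byte chunks and records the furthest byte each request would touch, instead of writing past the buffer. The `reader_fn` callback, `fake_pipe` and `max_requested_end` are assumptions standing in for `::read` on the real goldfish pipe.

```c
#include <stddef.h>
#include <sys/types.h>

#define LEN 16  /* size of the constructed payload and destination buffer */

/* Stand-in for ::read(fd, p, n): returns bytes read, 0 on EOF, -1 on error. */
typedef ssize_t (*reader_fn)(void *ctx, char *p, size_t n);

/* Patched loop: every request is bounded by `res`, the bytes still missing,
 * so the callee is never asked to write past buf + len. */
static void *read_fully_fixed(reader_fn rd, void *ctx, void *buf, size_t len)
{
    size_t res = len;
    while (res > 0) {
        ssize_t stat = rd(ctx, (char *)buf + len - res, res);
        if (stat <= 0) return NULL;   /* EOF or error: caller sees NULL */
        res -= (size_t)stat;
    }
    return buf;
}

/* Pre-patch loop: asks for `len` bytes on every iteration, even after a
 * short read has already advanced the destination pointer. */
static void *read_fully_buggy(reader_fn rd, void *ctx, void *buf, size_t len)
{
    size_t res = len;
    while (res > 0) {
        ssize_t stat = rd(ctx, (char *)buf + len - res, len);
        if (stat <= 0) return NULL;
        res -= (size_t)stat;
    }
    return buf;
}

/* Constructed pipe: hands out at most `chunk` bytes per call and records the
 * furthest byte offset (relative to `base`) that any request would touch.
 * The real driver rejects such an out-of-range request with -EFAULT. */
struct fake_pipe { const char *data; size_t avail; size_t chunk; char *base; size_t max_end; };

static ssize_t fake_read(void *ctx, char *p, size_t n)
{
    struct fake_pipe *fp = ctx;
    size_t end = (size_t)(p - fp->base) + n;
    if (end > fp->max_end) fp->max_end = end;
    size_t take = n < fp->chunk ? n : fp->chunk;
    if (take > fp->avail) take = fp->avail;
    for (size_t i = 0; i < take; i++) p[i] = fp->data[i];  /* never beyond avail */
    fp->data += take; fp->avail -= take;
    return (ssize_t)take;
}

/* Furthest offset requested for a LEN-byte read served in 5-byte chunks:
 * the fixed loop never exceeds LEN; the buggy loop overshoots. */
size_t max_requested_end(int fixed)
{
    static const char payload[LEN + 1] = "0123456789abcdef";  /* constructed sample */
    char buf[LEN];
    struct fake_pipe fp = { payload, LEN, 5, buf, 0 };
    void *r = fixed ? read_fully_fixed(fake_read, &fp, buf, LEN)
                    : read_fully_buggy(fake_read, &fp, buf, LEN);
    return r ? fp.max_end : (size_t)-1;
}
```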


@@ -122,12 +122,14 @@ const unsigned char *QemuPipeStream::readFully(void *buf, size_t len)
//DBG(">> QemuPipeStream::readFully %d\n", len);
if (!valid()) return NULL;
if (!buf) {
if (len>0) ERR("QemuPipeStream::readFully failed, buf=NULL, len %d", len);
if (len > 0) {
ERR("QemuPipeStream::readFully failed, buf=NULL, len %zu", len);
}
return NULL; // do not allow NULL buf in that implementation
}
size_t res = len;
while (res > 0) {
ssize_t stat = ::read(m_sock, (char *)(buf) + len - res, len);
ssize_t stat = ::read(m_sock, (char *)(buf) + len - res, res);
if (stat == 0) {
// client shutdown;
return NULL;
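Review bot: the commented-out `DBG` line at the top of this hunk still formats the size_t `len` with `%d`; since the rest of the change moves size_t logging to `%zu`, update it as well (`//DBG(">> QemuPipeStream::readFully %zu\n", len);`) so it is correct whenever someone re-enables it. The substantive fix, passing `res` instead of `len` as the byte count to `::read`, is right: after a short read the old call requested `len` bytes starting at `buf + len - res`, i.e. past `buf + len`.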
@@ -135,8 +137,8 @@ const unsigned char *QemuPipeStream::readFully(void *buf, size_t len)
if (errno == EINTR) {
continue;
} else {
ERR("QemuPipeStream::readFully failed (buf %p): %s\n",
buf, strerror(errno));
ERR("QemuPipeStream::readFully failed (buf %p, len %zu"
", res %zu): %s\n", buf, len, res, strerror(errno));
return NULL;
}
} else {
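Review bot: the enriched message logs `buf`, `len` and `res` but not `m_sock`, the descriptor handed to the failing `::read`; adding it to the same `ERR` call (assuming it is an int, e.g. `"... (fd %d, buf %p, len %zu, res %zu): %s\n", m_sock, buf, len, res, strerror(errno)`) would let a reader of logcat tell a closed or wrong pipe apart from the bad-address case this patch fixes.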