From 06aa44e37fc2be4320bbbcd3c7cd76c94d277bff Mon Sep 17 00:00:00 2001
From: Eric Laurent
Date: Fri, 8 May 2015 10:50:03 -0700
Subject: DO NOT MERGE - audio flinger: fix fuzz test crash Clear output stream pointer in duplicating thread when the main output to which it is attached is closed. Also do not forward master mute and volume commands to duplicating threads as this is not applicable. Also fix logic in AudioFlinger::primaryPlaybackThread_l() that could accidentally return a duplicating thread. This never happens because the primary thread is always first in the list. Bug: 20731946. Change-Id: Ic8869699836920351b23d09544c50a258d3fb585 (cherry picked from commit f6870aefc5e31d4220f3778c4e79ff34a61f48ad) Signed-off-by: Wolfgang Wiedmeyer
---
 services/audioflinger/AudioFlinger.cpp | 22 ++++++++++++++++++----
 services/audioflinger/AudioFlinger.h | 2 ++
 2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/services/audioflinger/AudioFlinger.cpp b/services/audioflinger/AudioFlinger.cpp
index 228dbfc..e5d9fa4 100644
--- a/services/audioflinger/AudioFlinger.cpp
+++ b/services/audioflinger/AudioFlinger.cpp
@@ -908,8 +908,12 @@ status_t AudioFlinger::setMasterVolume(float value)
 // assigned to HALs which do not have master volume support will apply
 // master volume during the mix operation. Threads with HALs which do
 // support master volume will simply ignore the setting.
- for (size_t i = 0; i < mPlaybackThreads.size(); i++)
+ for (size_t i = 0; i < mPlaybackThreads.size(); i++) {
+ if (mPlaybackThreads.valueAt(i)->isDuplicating()) {
+ continue;
+ }
 mPlaybackThreads.valueAt(i)->setMasterVolume(value);
+ }
 return NO_ERROR;
 }
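Review bot: The loop in setMasterVolume now skips duplicating threads, but the comment block above it still describes only the two HAL cases, so the skip is unexplained; the setMasterMute hunk has the same gap. A comment on the new check would do, e.g. `// not applicable to duplicating threads: they do not apply master volume themselves` (wording taken from the commit message, to be confirmed against DuplicatingThread, which is not in this diff). The comment block starts above the hunk, so its first line is not visible here.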
@@ -1017,8 +1021,12 @@ status_t AudioFlinger::setMasterMute(bool muted)
 // assigned to HALs which do not have master mute support will apply master
 // mute during the mix operation. Threads with HALs which do support master
 // mute will simply ignore the setting.
- for (size_t i = 0; i < mPlaybackThreads.size(); i++)
+ for (size_t i = 0; i < mPlaybackThreads.size(); i++) {
+ if (mPlaybackThreads.valueAt(i)->isDuplicating()) {
+ continue;
+ }
 mPlaybackThreads.valueAt(i)->setMasterMute(muted);
+ }
 return NO_ERROR;
 }
@@ -4560,6 +4568,9 @@ void AudioFlinger::DuplicatingThread::removeOutputTrack(MixerThread *thread)
 mOutputTracks[i]->destroy();
 mOutputTracks.removeAt(i);
 updateWaitTime_l();
+ if (thread->getOutput() == mOutput) {
+ mOutput = NULL;
+ }
 return;
 }
 }
@@ -8186,7 +8197,7 @@ status_t AudioFlinger::closeOutput_nonvirtual(audio_io_handle_t output)
 if (thread->type() == ThreadBase::MIXER) {
 for (size_t i = 0; i < mPlaybackThreads.size(); i++) {
- if (mPlaybackThreads.valueAt(i)->type() == ThreadBase::DUPLICATING) {
+ if (mPlaybackThreads.valueAt(i)->isDuplicating()) {
 DuplicatingThread *dupThread = (DuplicatingThread *)mPlaybackThreads.valueAt(i).get();
 dupThread->removeOutputTrack((MixerThread *)thread.get());
 }
@@ -8207,7 +8218,7 @@ status_t AudioFlinger::closeOutput_nonvirtual(audio_io_handle_t output)
 // The thread entity (active unit of execution) is no longer running here,
 // but the ThreadBase container still exists.
- if (thread->type() != ThreadBase::DUPLICATING) {
+ if (!thread->isDuplicating()) {
 AudioStreamOut *out = thread->clearOutput();
 ALOG_ASSERT(out != NULL, "out shouldn't be NULL");
 // from now on thread->mOutput is NULL
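Review bot: In removeOutputTrack, `mOutput` is reset only inside the branch that found a matching entry in `mOutputTracks`, directly before the `return;`, so if the closed thread is not in that list the duplicating thread keeps its pointer to the main output's stream after closeOutput_nonvirtual has detached it. Since `mOutput` can now be NULL while the DuplicatingThread is still alive, every place that reads it for a duplicating thread has to tolerate NULL; that cannot be confirmed from here because the function and the class start and end outside the hunk. A comment above the new `if`, for example `// the main output is being closed: drop the borrowed stream pointer so it cannot dangle`, would record why the pointer is cleared.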
@@ -8529,6 +8540,9 @@ AudioFlinger::PlaybackThread *AudioFlinger::primaryPlaybackThread_l() const
 {
 for (size_t i = 0; i < mPlaybackThreads.size(); i++) {
 PlaybackThread *thread = mPlaybackThreads.valueAt(i).get();
+ if(thread->isDuplicating()) {
+ continue;
+ }
 AudioStreamOut *output = thread->getOutput();
 if (output != NULL && output->audioHwDev == mPrimaryHardwareDev) {
 return thread;
diff --git a/services/audioflinger/AudioFlinger.h b/services/audioflinger/AudioFlinger.h
index 5b718d7..c97ddd7 100644
--- a/services/audioflinger/AudioFlinger.h
+++ b/services/audioflinger/AudioFlinger.h
@@ -595,6 +595,8 @@ private:
 // static externally-visible
 type_t type() const { return mType; }
+ bool isDuplicating() const { return (mType == DUPLICATING); }
+
 audio_io_handle_t id() const { return mId;}
 // dynamic externally-visible
--
cgit v1.1
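Review bot: The new check in primaryPlaybackThread_l is written `if(thread->isDuplicating()) {`, without the space after `if` that every other hunk of this patch uses; `if (thread->isDuplicating()) {` matches the rest of the change. The skip also deserves a comment, for instance `// a duplicating thread can hold the main output's stream pointer but is never the primary thread`, since the removeOutputTrack hunk shows its `mOutput` may equal a mixer thread's output. The function's closing lines are outside the hunk.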