From 7013cc7b1ffd7000616a19f32c6f26f166e4e2b7 Mon Sep 17 00:00:00 2001 
From: Joel Stein Date: Tue, 5 May 2020 23:22:00 +0200 Subject: [PATCH] Camera: fix possible nullptr on setCallbacks Fix crashes like this: 05-03 20:55:09.029 6254 6254 F DEBUG : #00 pc 00000000 05-03 20:55:09.029 6254 6254 F DEBUG : #01 pc 000ec8ab /system/lib/libcameraservice.so (android::CameraHardwareInterface::notifyCallback(android::hardware::camera::device::V1_0::NotifyCallbackMsg, int, int)+18) (BuildId: 078b8118f1d0503988dc8f86045848d8) 05-03 20:55:09.030 6254 6254 F DEBUG : #02 pc 0002e6cd /system/lib/android.hardware.camera.device@1.0.so (android::hardware::camera::device::V1_0::BsCameraDeviceCallback::notifyCallback(android::hardware::camera::device::V1_0::NotifyCallbackMsg, int, int)+96) (BuildId: a964b5ab287096bfb4e9fb1357483757) 05-03 20:55:09.030 6254 6254 F DEBUG : #03 pc 00013783 /system/vendor/lib/camera.device@1.0-impl-htc_msm8960.so (android::hardware::camera::device::V1_0::implementation::CameraDevice::sNotifyCb(int, int, int, void*)+46) (BuildId: 183c013753a49cdceaf880f00b6083b7) 05-03 20:55:09.030 6254 6254 F DEBUG : #04 pc 00038b99 /system/vendor/lib/hw/camera.vendor.msm8960.so (android::QCameraStream_preview::processPreviewFrameWithDisplay(mm_camera_ch_data_buf_t*)+128) 05-03 20:55:09.030 6254 6254 F DEBUG : #05 pc 000086ff /system/lib/libmmcamera_interface2.so 05-03 20:55:09.030 6254 6254 F DEBUG : #06 pc 00008855 /system/lib/libmmcamera_interface2.so (mm_camera_msm_data_notify+248) 05-03 20:55:09.030 6254 6254 F DEBUG : #07 pc 0000736f /system/lib/libmmcamera_interface2.so 05-03 20:55:09.030 6254 6254 F DEBUG : #08 pc 000a6b67 /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+20) (BuildId: 1c34385a63ae9f807822c87c6b4126d2) 05-03 20:55:09.030 6254 6254 F DEBUG : #09 pc 00060101 /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+30) (BuildId: 1c34385a63ae9f807822c87c6b4126d2) In case of HTC One M7, the nullptr appears because of this call: 
https://github.com/AICP/frameworks_av/blob/q10.0/services/camera/libcameraservice/CameraFlashlight.cpp#L528 And while we're on it, lets fix some more possible nullptr's too. Change-Id: I2f67756d576d62560a2e65af55ab868bfc3e36ba Signed-off-by: Julian Veit --- .../device1/CameraHardwareInterface.cpp | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/services/camera/libcameraservice/device1/CameraHardwareInterface.cpp b/services/camera/libcameraservice/device1/CameraHardwareInterface.cpp index 61cada61a9..92a4c66205 100644 --- a/services/camera/libcameraservice/device1/CameraHardwareInterface.cpp +++ b/services/camera/libcameraservice/device1/CameraHardwareInterface.cpp @@ -228,7 +228,9 @@ hardware::Return CameraHardwareInterface::handleCallbackTimestampBatch( msgs.push_back({hidl_msg.timestamp, mem->mBuffers[hidl_msg.bufferIndex]}); } } - mDataCbTimestampBatch((int32_t) msgType, msgs, mCbUser); + if (mDataCbTimestampBatch != nullptr) { + mDataCbTimestampBatch((int32_t) msgType, msgs, mCbUser); + } return hardware::Void(); } @@ -777,7 +779,9 @@ void CameraHardwareInterface::sNotifyCb(int32_t msg_type, int32_t ext1, ALOGV("%s", __FUNCTION__); CameraHardwareInterface *object = static_cast(user); - object->mNotifyCb(msg_type, ext1, ext2, object->mCbUser); + if (object->mNotifyCb != nullptr) { + object->mNotifyCb(msg_type, ext1, ext2, object->mCbUser); + } } void CameraHardwareInterface::sDataCb(int32_t msg_type, @@ -794,7 +798,9 @@ void CameraHardwareInterface::sDataCb(int32_t msg_type, index, mem->mNumBufs); return; } - object->mDataCb(msg_type, mem->mBuffers[index], metadata, object->mCbUser); + if (object->mDataCb != nullptr){ + object->mDataCb(msg_type, mem->mBuffers[index], metadata, object->mCbUser); + } } void CameraHardwareInterface::sDataCbTimestamp(nsecs_t timestamp, int32_t msg_type, 
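Review bot: The guard added around `mDataCbTimestampBatch` reads the member once for the test and again for the call, and nothing in the hunk holds a lock, so if setCallbacks() can clear the pointer on another thread while a HAL thread is in here (the trace in the commit message shows the callback arriving on a HAL pthread), the call can still reach a null pointer. The same check-then-call pattern is repeated in the sNotifyCb, sDataCb and sDataCbTimestamp hunks. Taking one snapshot narrows the window: `auto cb = mDataCbTimestampBatch; if (cb != nullptr) cb((int32_t) msgType, msgs, mCbUser);`. Closing it fully needs whatever synchronization setCallbacks() uses, which is not visible in this diff. The check could also move above the loop that fills `msgs`, but handleCallbackTimestampBatch starts outside the hunk.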
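Review bot: When `object->mNotifyCb` is null, sNotifyCb now returns without leaving any trace, so a HAL that keeps sending notifications after the callbacks were cleared no longer shows up in logcat. An else branch using the verbose logger the function already calls would keep that diagnosable: `else { ALOGV("%s: no notify callback, dropping msg_type %d", __FUNCTION__, msg_type); }`. A one-line comment on the guard, saying that setCallbacks() may install null callbacks (the case described in the commit message), would also help the next reader.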
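Review bot: `if (object->mDataCb != nullptr){` is missing the space before the opening brace that the other three guards in this patch use; `if (object->mDataCb != nullptr) {` keeps the file consistent. sDataCb's body begins outside the hunk.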
@@ -813,7 +819,9 @@ void CameraHardwareInterface::sDataCbTimestamp(nsecs_t timestamp, int32_t msg_ty index, mem->mNumBufs); return; } - object->mDataCbTimestamp(timestamp, msg_type, mem->mBuffers[index], object->mCbUser); + if (object->mDataCbTimestamp != nullptr) { + object->mDataCbTimestamp(timestamp, msg_type, mem->mBuffers[index], object->mCbUser); + } } camera_memory_t* CameraHardwareInterface::sGetMemory(
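Review bot: When `object->mDataCbTimestamp` is null, the frame at `mem->mBuffers[index]` is dropped here and nothing in the hunk hands it back to the HAL. If the HAL expects timestamped recording buffers to be released by the receiver, clearing the callbacks while frames are still arriving could leave it short of buffers; the same question applies to the handleCallbackTimestampBatch hunk. This is inferred rather than visible in the diff, so it is worth confirming and recording in a comment above the guard, for example `// NOTE: frame is dropped when no callback is set; confirm the HAL does not wait for it to be released.`. sDataCbTimestamp's body begins outside the hunk.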