Closed
Bug 1034146
Opened 11 years ago
Closed 11 years ago
[HwComposer] HwcDebug is causing buffer overwrites, crashes
Categories
(Core :: Graphics: Layers, defect)
People
(Reporter: erahm, Assigned: sushilchauhan)
References
Details
(Whiteboard: [caf priority: p2][CR 689431][MemShrink][POVB])
Attachments
(1 file)
1002 bytes,
patch
On my Flame, |HwcDebug::HwcDebug| performs a |strncpy| with an incorrect length which leads to a non-null terminated string. It then does a |sprintf| with this value leading to memory corruption.
DMD builds are crashing 100% of the time due to this, but it is certainly happening in other builds as well. This affects 1.4+ at least.
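The failure mode in the description, as an added example that is not part of the original report and is not the HwcDebug source: a `strncpy` whose length equals the destination size leaves no terminator when the source is too long, and the hardened forms bound both the copy and the later formatting. The buffer size, function names, input string and format string are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8  /* constructed size, not taken from HwcDebug */

/* Returns 1 if buf contains a NUL within its first n bytes, else 0. */
int is_terminated(const char *buf, size_t n) {
    return memchr(buf, '\0', n) != NULL;
}

/* Pattern from the report: the full buffer size is passed as the length.
 * If strlen(src) >= n, strncpy writes n bytes and no terminator. */
int copy_full_size(char *dst, const char *src, size_t n) {
    strncpy(dst, src, n);
    return is_terminated(dst, n);
}

/* Hardened copy: reserve the last byte and always terminate. */
int copy_with_room(char *dst, const char *src, size_t n) {
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
    return is_terminated(dst, n);
}

/* Hardened formatting: snprintf bounds the write and its return value
 * reveals truncation. Returns 0 on success, -1 if out was too small. */
int format_name(char *out, size_t outsz, const char *name, int idx) {
    int n = snprintf(out, outsz, "%s_%03d.raw", name, idx);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void) {
    char name[NAME_LEN];
    char path[32];
    const char *src = "framebuffer";  /* constructed, longer than NAME_LEN */

    /* The unterminated buffer is only inspected with memchr here; handing
     * it to sprintf("%s") would read past its end, as in the report. */
    printf("full-size strncpy terminated: %d\n",
           copy_full_size(name, src, sizeof name));
    printf("size-1 strncpy terminated:    %d\n",
           copy_with_room(name, src, sizeof name));
    printf("format rc=%d\n", format_name(path, sizeof path, name, 0));
    printf("path=%s\n", path);
    return 0;
}
```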
Reporter
Comment 1•11 years ago
Sushil can you take a look at this?
Flags: needinfo?(sushilchauhan)
Nominating for 1.4. People are still testing/developing 1.4 on QC devices (e.g. Flame) so we need this there to have working tools.
blocking-b2g: --- → 1.4?
Fix for this issue has landed in HAL. Can you please test with the CAF patch:
https://www.codeaurora.org/cgit/quic/la/platform/hardware/qcom/display/commit/?h=b2g_kk_3.5&id=f0366091389b3f0648a92e6a7173237937bc0393
Eric, can you test with above CAF patch and let me know?
Assignee: nobody → sushilchauhan
Flags: needinfo?(sushilchauhan) → needinfo?(erahm)
Reporter
Comment 6•11 years ago
(In reply to Sushil from comment #4)
> Eric, can you test with above CAF patch and let me know?
The patch does not apply to my local checkout; inspecting by hand does indicate that it contains approximately the same fix.
Reporter
Updated•11 years ago
Flags: needinfo?(erahm)
Thanks.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment 8•11 years ago
Hi Vincent,
Can you check if this patch has any impact on non-caf projects?
Thanks
Flags: needinfo?(vliu)
Comment 9•11 years ago
erahm gets a gold star for this one.
Updated•11 years ago
Whiteboard: [MemShrink] → [MemShrink][POVB]
Target Milestone: --- → 2.0 S5 (4july)
Comment 10•11 years ago
(In reply to Wayne Chang [:wchang] from comment #8)
> Hi Vincent,
>
> Can you check if this patch has any impact on non-caf projects?
>
> Thanks
Checked with two other non-caf projects and they didn't have HwcDebug::HwcDebug() code implementation.
Flags: needinfo?(vliu)
Updated•11 years ago
Whiteboard: [MemShrink][POVB] → [CR 689431][MemShrink][POVB]
Updated•11 years ago
Whiteboard: [CR 689431][MemShrink][POVB] → [caf priority: p2][CR 689431][MemShrink][POVB]
Updated•11 years ago
Blocks: CAF-v2.0-FC-metabug
Hi Eric, I was wondering, is this fixed for 1.4+? Or do we need to push it to 2.0, 2.1?
Flags: needinfo?(erahm)
Reporter
Comment 13•11 years ago
We're still waiting for the fix to land upstream. See bug 1019634 comment 18.
Flags: needinfo?(erahm)