Closed Bug 1086596 Opened 10 years ago Closed 10 years ago

[B2G][Camera] Get boolean camera parameter crashes if missing

Categories

(Firefox OS Graveyard :: Gaia::Camera, defect)

Product:
Firefox OS Graveyard
Component:
Gaia::Camera
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(b2g-v2.1 affected, b2g-v2.2 affected)

Status:
RESOLVED FIXED
Milestone:
2.1 S7 (24Oct)
Tracking Flags:
Tracking Status
b2g-v2.1 --- affected
b2g-v2.2 --- affected

People

(Reporter: aosmond, Assigned: aosmond)

References

Details

Attachments

(1 file, 1 obsolete file)

bug1086596.patch, v2 [r=mikeh]
2.08 KB, patch
aosmond
: review+
Details | Diff | Splinter Review 
No STR but noticed this while testing that if GonkCameraParameters::Get is used for a boolean parameter not set by the camera driver or application, then the process will crash with the following signature:

Core was generated by `/system/b2g/plugin-container -greomni /system/b2g/omni.ja -appdir /system/b2g 3'.
Program terminated with signal 11, Segmentation fault.
(gdb) bt
#0  strcmp () at bionic/libc/arch-arm/krait/bionic/strcmp.S:396
#1  0xb5253cc4 in get (aRet=@0xb05e1c0f: 176, aKey=0xfffffd4c <Address 0xfffffd4c out of bounds>, this=0x0) at ../../../../b2g-inbound/dom/camera/GonkCameraParameters.h:128
#2  mozilla::GonkCameraParameters::GetImpl<bool> (this=0xffffffff, aKey=<optimized out>, aValue=@0xb05e1c0f: 176) at ../../../../b2g-inbound/dom/camera/GonkCameraParameters.h:162
Assignee: nobody → aosmond
Blocks: camera-backlog
Status: NEW → ASSIGNED
status-b2g-v2.1: --- → affected
status-b2g-v2.2: --- → affected
Target Milestone: --- → 2.1 S7 (24Oct)
Attached patch bug1086596.patch, v1 (obsolete) — Splinter Review 

        Attachment #8508735 -
        Flags: review?(mhabicher)

    
    

    
  
Comment on attachment 8508735 [details] [diff] [review]
bug1086596.patch, v1

Review of attachment 8508735 [details] [diff] [review]:
-----------------------------------------------------------------

r+ with extreme prejudice.

::: dom/camera/GonkCameraParameters.cpp
@@ +351,5 @@
>  {
>    if (aSize.width > INT_MAX || aSize.height > INT_MAX) {
>      // AOSP can only handle signed ints.
>      DOM_CAMERA_LOGE("Camera parameter aKey=%d out of bounds (width=%u, height=%u)\n",
> +      aKey, aSize.width, aSize.height);

/facepalm. Good catch.

::: dom/camera/GonkCameraParameters.h
@@ +125,5 @@
> +    void
> +    get(const char* aKey, bool& aRet)
> +    {
> +      const char* value = get(aKey);
> +      aRet = value ? strcmp(value, FALSE) : false;

Oh strcmp(). Please make this:
  aRet = value ? strcmp(value, TRUE) == 0 : false;

        Attachment #8508735 -
        Flags: review?(mhabicher) → review+

    
  
Keywords: checkin-needed
Target Milestone: 2.1 S7 (24Oct) → ---

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/ac81f05436fa
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2.1 S7 (24Oct)

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: