j is a ssize_t, which can go negative. If it goes negative,
the resulting multiplication of mItemSize*j doesn't make
any sense. Since the value is never used, just don't perform
the calculation if j < 0.
Bug: 23607865
Change-Id: I14f6f6506645d582f7d67a2e2d60ead3cb18b957
Transport atransport objects are semi-reference counted: the input and
output threads each hold a reference. The adb disconnect command was
calling transport_unref to release a reference that it never had in the
first place. This meant that the refcount dropped to zero and the object
was deleted before either the input or output thread released its
reference. When that last thread released its reference, it wrote to
freed memory and also sometimes crashed.
This fix is to not release any unheld reference, instead it just kicks
the transport to break remote_read in output_thread. So all transport
close flow goes the following way:
output_thread (exit) -> main thread (offline the transport) ->
input thread (exit) -> main thread (destroy the transport)
Change-Id: Iad1fe718acc8716f3a79c8c22b426a1b2450452c
Turn off integer sanitization on android_memset. memset()ing is
expected to be a fast operation.
Avoid the use of the "while (size--) { }" construct, which harmlessly
underflows.
Change-Id: Ia61ff2323c759bf52df7e70b8be2fae0b0366dda
It is reported by tsan as a double checked locking. But I think
it is not a real data race. Because I think the old code is able
to make sure t->kick() is only called once, and the caller of
kick_transport is not relying on the side-effect of calling
t->kick().
But as it is not perf critical, I don't mind breaking the double
checked locking pattern.
Bug: 23385662
Change-Id: Ie3597dd56bb514117c3865d2afcfd7c115731a78
If s->peer->enqueue() failed, s may be freed. So we should use
saved_xxx instead of s->xxx before verifying the return value.
Change-Id: I6c072406dceb98e2d02798d0dcdc428fa99e66fb
- sniff for PID in kernel log messages if available
- properly deal with klogd watermark in face of modified output
- deal more stringently with priority tag, must have [ following
- suppress process-name stutter in tag that can happen
- do not use : to demark tag if within [ ]
Mediatek-special change that adds <printk_state>(<cpu>)[<pid>:<comm>]
as a prefix to the printk messages. Along the lines of (simplified
for entertainment purposes, YMMV):
char tbuf[50]; /* printk prefix */
int this_cpu = smp_processor_id();
char state = __raw_get_cpu_var(printk_state);
unsigned tlen = snprintf(tbuf, sizeof(tbuf), "%c(%x)[%d:%s]",
state, this_cpu, current->pid, current->comm);
Bug: 23517551
Change-Id: I568e25c5aa6d8474835454a0e83b19c2921b7985
Call abort() on undefined or sketchy integer behavior.
Protects against integer overflow attacks.
Tested on Nexus 5 and Nexus 9 with no obvious problems.
Change-Id: I6cb28b4a0f5feed69ea472dfac8804fb0bf99719
As far as I can see, all asockets operations happen in fdevent_loop()
in the main thread, excepting close_all_sockets(). Instead of adding
lock and ref_count for each asocket, a simpler way would be moving
close_all_sockets() from input_thread to the main thread.
In input_thread(), there are two path to break the loop and call
close_all_sockets(). One path is when receiving offline A_SYNC, which
is sent by the main thread. The other path is when read_packet
fails, which I believe is almost not possible and doesn't matter
(Because t->fd is closed just before t is freed.). So I move
close_all_sockets() to handle_offline() in the main thread.
the socket_list_lock in sockets.cpp could be removed. But I prefer
to leave it for the following changes.
Bug: 6558362
Change-Id: I5da23f60a67a331262c62693b9b127fe2689c799
Hash functions rely on overflow behavior, so whitelist them.
ATRACE_TAG_NOT_READY: use an unsigned constant when shifting bits.
Otherwise, the value overflows on shift. The users of this constant
assign it to a uint64_t variable.
Change-Id: I21c437ce2083525e906c3ead3259ec34a1ef4b66
The error was this:
system/core/adb/usb_osx.cpp:203:74: error: values of type 'UInt32' should not
be used as format arguments; add an explicit cast to 'unsigned int' instead
[-Werror,-Wformat]
snprintf(devpathBuf, sizeof(devpathBuf), "usb:%" PRIu32 "X", locationId);
~~~ ^~~~~~~~~~
(unsigned int)
Which seems to be because on LP64 UInt32 is "unsigned int" but on LP32 it was
"unsigned long". We don't have to care about LP32, so -- if we can -- we're
probably better off just using uint32_t instead of UInt32.
Change-Id: I576f76cf2016ee59caccbc317ef74b6e8d71d722
Instead of using /etc/lsb-release to store the version, channel and
build_target_id, use the Android system properties.
BUG: 22879642
Change-Id: Ic79e74bd14bf8e2c55549c08963a66700b49b544
In an earlier code review it was pointed out that there was something
very weird about fail_errno. It didn't seem to make sense that we'd
often try to continue after reporting failure. This patch cleans up
all that and assumes that if we've reported failure to the client,
we should stop what we're doing.
Bug: http://b/23437039
Change-Id: I39c38650ed9f9d5e30adbf68a7545c9e4a6ab812
In order to use metrics_lib, crash_reporter needs to be run with
system group permissions. To use dbus, it needs dbus group
permissions.
Bug: 23406290
Change-Id: Ic679a057afa46aaadd59429aab0aea072c1973c5
Nick Kralevich