Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 5096defdaa4716ce81047a855d6e5ce3f8263600^! / . / media / jni / android_media_ImageReader.cpp
commit5096defdaa4716ce81047a855d6e5ce3f8263600[log] [tgz]
authorIgor Murashkin <iam@google.com>Tue Jun 24 10:49:11 2014 -0700
committerIgor Murashkin <iam@google.com>Tue Jun 24 18:29:18 2014 +0000
tree6fe4d2b0a19d1e5e54d3efb0a73af9b8805fe0cf
parenta296fece2b974a11bc624fd67b275863f17df867 [diff] [blame]
camera2: (legacy) Write the JPEG size as part of the blob transport

This fixes StillCaptureTest#testStillPreviewCombination

Change-Id: Ifbaae7828b2efcc1a768c77ce50718abd7f691d0

diff --git a/media/jni/android_media_ImageReader.cpp b/media/jni/android_media_ImageReader.cpp
index 41ed9e1..ad7ee7a 100644
--- a/media/jni/android_media_ImageReader.cpp
+++ b/media/jni/android_media_ImageReader.cpp

@@ -33,6 +33,9 @@
 #include <jni.h>
 #include <JNIHelp.h>
 
+#include <stdint.h>
+#include <inttypes.h>
+
 #define ALIGN(x, mask) ( ((x) + (mask) - 1) & ~((mask) - 1) )
 
 #define ANDROID_MEDIA_IMAGEREADER_CTX_JNI_ID       "mNativeContext"
@@ -300,6 +303,14 @@
 
     // failed to find size, default to whole buffer
     if (size == 0) {
+        /*
+         * This is a problem because not including the JPEG header
+         * means that in certain rare situations a regular JPEG blob
+         * will be misidentified as having a header, in which case
+         * we will get a garbage size value.
+         */
+        ALOGW("%s: No JPEG header detected, defaulting to size=width=%d",
+                __FUNCTION__, width);
         size = width;
     }
 
@@ -848,6 +859,14 @@
 
     // Create byteBuffer from native buffer
     Image_getLockedBufferInfo(env, buffer, idx, &base, &size);
+
+    if (size > static_cast<uint32_t>(INT32_MAX)) {
+        // Byte buffer have 'int capacity', so check the range
+        jniThrowExceptionFmt(env, "java/lang/IllegalStateException",
+                "Size too large for bytebuffer capacity " PRIu32, size);
+        return NULL;
+    }
+
     byteBuffer = env->NewDirectByteBuffer(base, size);
     // TODO: throw dvm exOutOfMemoryError?
     if ((byteBuffer == NULL) && (env->ExceptionCheck() == false)) {