Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / libfmq / ac6537f3de4a407838c8d214ee3230d2f39b3827^1..ac6537f3de4a407838c8d214ee3230d2f39b3827 / .
commitac6537f3de4a407838c8d214ee3230d2f39b3827[log] [tgz]
authorDevin Moore <devinmoore@google.com>Mon Sep 28 22:53:22 2020 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Mon Sep 28 22:53:22 2020 +0000
tree35e7e62ec7659b06ef1c698ddaa0813deb56aa79
parent59d58480b93ee3163530aae62f0087d3c678b0e3 [diff]
parent7430f53c245b5bde9d2152d33afa92da50100020 [diff]
Add log in MessageQueueBase for mismatch in payload size from MQDescriptor am: b00fb7d03e am: a2b53b09cd am: e15c1edbf3 am: a80ef9159c am: 7430f53c24

Original change: https://android-review.googlesource.com/c/platform/system/libfmq/+/1439331

Change-Id: I72ff8a2f316594fb9a73f0515c8cd4163fbad5eb

diff --git a/include/fmq/MessageQueueBase.h b/include/fmq/MessageQueueBase.h
index 4fe1c6c..0cb83a6 100644
--- a/include/fmq/MessageQueueBase.h
+++ b/include/fmq/MessageQueueBase.h

@@ -563,10 +563,16 @@
      * the native_handle is valid and T matches quantum size.
      */
     if ((mDesc == nullptr) || !mDesc->isHandleValid() ||
-        (mDesc->countGrantors() < hardware::details::kMinGrantorCount) ||
-        (mDesc->getQuantum() != sizeof(T))) {
+        (mDesc->countGrantors() < hardware::details::kMinGrantorCount)) {
         return;
     }
+    if (mDesc->getQuantum() != sizeof(T)) {
+        hardware::details::logError(
+                "Payload size differs between the queue instantiation and the "
+                "MQDescriptor.");
+        return;
+    }
+
     const auto& grantors = mDesc->grantors();
     for (const auto& grantor : grantors) {
         if (hardware::details::isAlignedToWordBoundary(grantor.offset) == false) {

diff --git a/tests/fmq_unit_tests.cpp b/tests/fmq_unit_tests.cpp
index 718867b..d365054 100644
--- a/tests/fmq_unit_tests.cpp
+++ b/tests/fmq_unit_tests.cpp

@@ -268,6 +268,28 @@
      */
     ASSERT_FALSE(fmq->isValid());
 }
+
+/*
+ * Test creating a new queue from a modified MQDescriptor of another queue.
+ * If MQDescriptor.quantum doesn't match the size of the payload(T), the queue
+ * should be invalid.
+ */
+TEST_F(AidlOnlyBadQueueConfig, MismatchedPayloadSize) {
+    AidlMessageQueueSync16 fmq = AidlMessageQueueSync16(64);
+    aidl::android::hardware::common::MQDescriptor<uint16_t, SynchronizedReadWrite> desc =
+            fmq.dupeDesc();
+    // This should work fine with the unmodified MQDescriptor
+    AidlMessageQueueSync16 fmq2 = AidlMessageQueueSync16(desc);
+    ASSERT_TRUE(fmq2.isValid());
+
+    // Simulate a difference in payload size between processes handling the queue
+    desc.quantum = 8;
+    AidlMessageQueueSync16 fmq3 = AidlMessageQueueSync16(desc);
+
+    // Should fail due to the quantum not matching the sizeof(uint16_t)
+    ASSERT_FALSE(fmq3.isValid());
+}
+
 /*
  * Test that basic blocking works. This test uses the non-blocking read()/write()
  * APIs.