Closed
Bug 1034146
Opened 10 years ago
Closed 10 years ago
[HwComposer] HwcDebug is causing buffer overwrites, crashes
Categories
(Core :: Graphics: Layers, defect)
Tracking
()
People
(Reporter: erahm, Assigned: sushilchauhan)
References
Details
(Whiteboard: [caf priority: p2][CR 689431][MemShrink][POVB])
Attachments
(1 file)
(deleted),
patch
|
Details | Diff | Splinter Review |
On my Flame, |HwcDebug::HwcDebug| performs a |strncpy| with an incorrect length which leads to a non-null terminated string. It then does a |sprintf| with this value leading to memory corruption. DMD builds are crashing 100% of the time due to this, but it is certainly happening other builds as well. This affects 1.4+ at least.
Reporter | ||
Comment 1•10 years ago
|
||
Sushil can you take a look at this?
Flags: needinfo?(sushilchauhan)
Nominating for 1.4. People are still testing/developing 1.4 on QC devices (e.g. Flame) so we need this there to have working tools.
blocking-b2g: --- → 1.4?
Fix for this issue has landed in HAL. Can you please test with the CAF patch: https://www.codeaurora.org/cgit/quic/la/platform/hardware/qcom/display/commit/?h=b2g_kk_3.5&id=f0366091389b3f0648a92e6a7173237937bc0393
Eric, can you test with above CAF patch and let me know?
Assignee: nobody → sushilchauhan
Flags: needinfo?(sushilchauhan) → needinfo?(erahm)
Reporter | ||
Comment 6•10 years ago
|
||
(In reply to Sushil from comment #4) > Eric, can you test with above CAF patch and let me know? The patch does not apply to my local checkout, inspecting by hand does indicate that it contains approximately the same fix.
Reporter | ||
Updated•10 years ago
|
Flags: needinfo?(erahm)
Thanks.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Comment 8•10 years ago
|
||
Hi Vincent, Can you check if this patch has any impact on non-caf projects? Thanks
Flags: needinfo?(vliu)
Comment 9•10 years ago
|
||
erahm gets a gold star for this one.
Updated•10 years ago
|
Whiteboard: [MemShrink] → [MemShrink][POVB]
Target Milestone: --- → 2.0 S5 (4july)
Comment 10•10 years ago
|
||
(In reply to Wayne Chang [:wchang] from comment #8) > Hi Vincent, > > Can you check if this patch has any impact on non-caf projects? > > Thanks Checked with two other non-caf jrojects and they didn't have HwcDebug::HwcDebug() code implementation.
Flags: needinfo?(vliu)
Updated•10 years ago
|
Whiteboard: [MemShrink][POVB] → [CR 689431][MemShrink][POVB]
Updated•10 years ago
|
Whiteboard: [CR 689431][MemShrink][POVB] → [caf priority: p2][CR 689431][MemShrink][POVB]
Updated•10 years ago
|
Blocks: CAF-v2.0-FC-metabug
Hi Eric, I was wondering is this fixed for 1.4+? Or do we need to push it to 2.0, 2.1?
Flags: needinfo?(erahm)
Reporter | ||
Comment 13•10 years ago
|
||
We're still waiting for the fix to land upstream. See bug 1019634 comment 18.
Flags: needinfo?(erahm)
Comment 14•10 years ago
|
||
2.0: https://github.com/mozilla-b2g/b2g-manifest/commit/d2babab58743c696f46d614e84fdb9f2a0dd75d7
Comment 15•10 years ago
|
||
1.4: https://github.com/mozilla-b2g/b2g-manifest/commit/ad87526f60b8411262813189d5d023c0c43a17eb
You need to log in
before you can comment on or make changes to this bug.
Description
•