Closed atsushieno closed 1 year ago
There seems a surprising overlook. In AudioPluginInterface.aidl, extension() is defined as:
AudioPluginInterface.aidl
extension()
void extension(int instanceID, String uri, int size);
However, when it is passed to extension() in AudioPluginInterfaceImpl.h, it is passed to LocalPluginInstance::controlExtension() as:
AudioPluginInterfaceImpl.h
LocalPluginInstance::controlExtension()
instance->controlExtension(in_uri, in_size);
while controlExtension() is defined as:
controlExtension()
void controlExtension(const std::string &uri, int32_t opcode)
in_size is passed as opcode. That's wrong and anything could happen.
in_size
opcode
In many cases it wouldn't have caused undefined behaviors as the shared memory content is stable and size usually does not matter. But this definitely needs fixes.
size
There seems a surprising overlook. In
AudioPluginInterface.aidl,extension()is defined as:However, when it is passed to
extension()inAudioPluginInterfaceImpl.h, it is passed toLocalPluginInstance::controlExtension()as:while
controlExtension()is defined as:in_sizeis passed asopcode. That's wrong and anything could happen.In many cases it wouldn't have caused undefined behaviors as the shared memory content is stable and
sizeusually does not matter. But this definitely needs fixes.