Closed: Iceows closed 2 years ago
I have fixed the problem just by changing the return value of the function bool Parcel::verifyBufferObject (Parcel.cpp file). New code is:

    if (bufferInParent != childBuffer) {
        ALOGD("Buffer in parent %p differs from embedded buffer %p",
              bufferInParent, childBuffer);
        //android_errorWriteLog(0x534e4554, "179289794");
        //return false;
        return true;
    }
Patch is here: https://github.com/Iceows/huawei_prague_rom/tree/main/patch-diff
Thanks!
Fix ok
This patch reverts part of the fix for CVE-2021-0584, so may be dangerous.
Since Merge tag 'android-11.0.0_r39' into 11.0, the screen recording doesn't work. This commit adds a buffer test that returns false if bufferInParent != childBuffer, see
https://github.com/crdroidandroid/android_system_libhwbinder/commit/cb835a500f3d4de152777e3f13db5ab969285633#diff-f15dceaeb27842edc307364b932210d381ee478bcafad233d42bc936e68da901
Test is:

    if (bufferInParent != childBuffer) {
        ALOGE("Buffer in parent %p differs from embedded buffer %p",
              bufferInParent, childBuffer);
        android_errorWriteLog(0x534e4554, "179289794");
        return false;
    }

    10-24 15:37:36.086 1108 1188 E android.hardware.media.omx@1.0-service: TWGraphicBufferProducer::dequeueBuffer - Invalid output fence
    10-24 15:37:36.086 1404 1404 E hw-Parcel: Buffer in parent 0x5100000000 differs from embedded buffer 0x0
    10-24 15:37:36.086 1404 1404 E Surface : dequeueBuffer: IGraphicBufferProducer returned invalid slot number -1
    10-24 15:37:36.086 1404 1404 E CompositionEngine: ANativeWindow::dequeueBuffer failed for display [Recording Display] with error: -2147483646
    10-24 15:37:36.086 1404 1404 W CompositionEngine: Dequeuing buffer for display [Recording Display] failed, bailing out of client composition for this frame
    10-24 15:37:36.092 939 3623 I audio_pop: pop change CLASSD VIR_SWITCH CLASSD_EN dir 1
Is there a way to correct the problem by removing the test?
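
A simplified model of the comparison quoted in this thread, added here as an example (it is not code from libhwbinder or from any poster). It shows that with `return true` in the mismatch branch, every parent/child pointer mismatch is accepted, not only the one in the log above. The names `verifyEmbeddedPointer`, `Mode` and `makeParent`, and the 16-byte parent layout, are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical stand-in for the check in the thread: the pointer stored in the
// parent buffer at parentOffset must equal the child buffer's own address.
enum class Mode { Strict, Patched };  // Strict: `return false;`  Patched: `return true;`

bool verifyEmbeddedPointer(const std::vector<uint8_t>& parent, size_t parentOffset,
                           uint64_t childBuffer, Mode mode) {
    // Reject offsets that would read past the end of the parent buffer.
    if (parentOffset > parent.size() ||
        parent.size() - parentOffset < sizeof(uint64_t)) {
        return false;
    }
    uint64_t bufferInParent = 0;
    std::memcpy(&bufferInParent, parent.data() + parentOffset, sizeof(bufferInParent));
    if (bufferInParent != childBuffer) {
        // Strict rejects the parcel; Patched models the change posted in the thread.
        return mode == Mode::Patched;
    }
    return true;
}

// Constructed sample: a 16-byte parent holding one pointer-sized field at offset 8.
std::vector<uint8_t> makeParent(uint64_t embedded) {
    std::vector<uint8_t> parent(16, 0);
    std::memcpy(parent.data() + 8, &embedded, sizeof(embedded));
    return parent;
}

int main() {
    // Values taken from the hw-Parcel log line: parent 0x5100000000, embedded 0x0.
    const auto fromLog = makeParent(0x5100000000ULL);
    std::printf("log case, strict : %d\n",
                verifyEmbeddedPointer(fromLog, 8, 0x0, Mode::Strict));
    std::printf("log case, patched: %d\n",
                verifyEmbeddedPointer(fromLog, 8, 0x0, Mode::Patched));
    // Constructed mismatch unrelated to the recording bug: also accepted when patched.
    std::printf("other mismatch, patched: %d\n",
                verifyEmbeddedPointer(makeParent(0x1234), 8, 0xdeadbeefULL, Mode::Patched));
    return 0;
}
```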