lbdroid / android_device_linaro_hikey

Hikey 960 device tree for Android Automotive

Possible bad thing can happen in out_write and in_read functions #1

Closed lbdroid closed 6 years ago

lbdroid commented 6 years ago

https://github.com/lbdroid/android_device_linaro_hikey/blob/094073048d04b84d7bc4ab8ffe1264da0f22c54e/usbaudio/audio_hal.c#L524

It is extremely unlikely, but possible. If out_write passes the null check on the sco_thread, but just before obtaining the stream lock, the sco_thread starts and gets far enough to mess with the pcm, then out_write continues, reopens the pcm, then sco_thread won't be able to open its own pcm.

Fix: move the null check on the sco_thread into the critical area protected by the stream lock.

This:

    if (out->adev->sco_thread != 0) return bytes;
    stream_lock(&out->lock);

Becomes this:

    stream_lock(&out->lock);
    if (out->adev->sco_thread != 0){
        stream_unlock(&out->lock);
        return bytes;
    }

lbdroid commented 6 years ago

Fixed in 1fbdee5079acc2eac7bce46a05804301602c543d
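
The check-then-lock window described in this issue, as an added example that is not part of the thread or the HAL source: a small C model that walks every interleaving of one out_write call against the SCO thread's start-up, for both orderings of the check, and counts the interleavings in which the SCO thread cannot open its pcm. The step breakdown, the state fields, and the SCO thread taking the same stream lock before it closes the output pcm are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>
enum { NONE, OUT, SCO };  /* lock holder / pcm owner (constructed model) */
struct state { int sco_thread, lock, pcm, out_pc, sco_pc, sco_open_failed; };

/* One atomic step of out_write; false when blocked on the lock or finished. */
static bool step_out(struct state *s, bool fixed) {
    int op = s->out_pc;
    if (op > 3) return false;
    if (!fixed && op < 2) op = 1 - op;      /* racy order: check, then lock */
    switch (op) {
    case 0: if (s->lock != NONE) return false; s->lock = OUT; break; /* stream_lock */
    case 1: if (!s->sco_thread) break;      /* the sco_thread != 0 check */
            if (s->lock == OUT) s->lock = NONE; /* fixed order: stream_unlock */
            s->out_pc = 4; return true;     /* return bytes */
    case 2: if (s->pcm == NONE) s->pcm = OUT; break; /* reopen pcm, write */
    case 3: s->lock = NONE; break;          /* stream_unlock */
    }
    s->out_pc++;
    return true;
}

/* One atomic step of the SCO thread (assumed to use the same stream lock). */
static bool step_sco(struct state *s) {
    switch (s->sco_pc) {
    case 0: s->sco_thread = 1; break;       /* thread handle becomes non-zero */
    case 1: if (s->lock != NONE) return false; s->lock = SCO; break;
    case 2: s->pcm = NONE; break;           /* closes the output pcm */
    case 3: s->lock = NONE; break;
    case 4: if (s->pcm != NONE) s->sco_open_failed = 1; else s->pcm = SCO; break;
    default: return false;
    }
    s->sco_pc++;
    return true;
}

/* Walk every interleaving; count the ones where the SCO pcm open fails. */
static int explore(struct state s, bool fixed) {
    struct state a = s, b = s;
    if (s.out_pc > 3 && s.sco_pc > 4) return s.sco_open_failed;
    return (step_out(&a, fixed) ? explore(a, fixed) : 0)
         + (step_sco(&b) ? explore(b, fixed) : 0);
}
int bad_interleavings(bool fixed) {
    return explore((struct state){ 0, NONE, OUT, 0, 0, 0 }, fixed);
}
int main(void) {
    return printf("racy=%d fixed=%d\n", bad_interleavings(false), bad_interleavings(true)) < 0;
}
```

With the check outside the lock at least one interleaving ends with the failed open; with the check inside the critical section none does, because the SCO thread cannot close the pcm until out_write has released the lock.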