From fd92f42c3912f21dbd359696639cc5e75cbd51c0 Mon Sep 17 00:00:00 2001
From: Mathias Agopian <mathias@google.com>
Date: Wed, 20 Jan 2010 13:13:08 -0800
Subject: [PATCH] part of fix for [2363506] [Sapphire] Video playback broken

make sure to reject incompatible buffers in special function
  GRALLOC_MODULE_PERFORM_CREATE_HANDLE_FROM_BUFFER

we use ioctl(PMEM_GET_SIZE) to validate that the given buffer is indeed
a pmem buffer.
---
 libgralloc-qsd8k/mapper.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/libgralloc-qsd8k/mapper.cpp b/libgralloc-qsd8k/mapper.cpp
index 8c199b3..d79d9fa 100644
--- a/libgralloc-qsd8k/mapper.cpp
+++ b/libgralloc-qsd8k/mapper.cpp
@@ -24,6 +24,7 @@
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <sys/ioctl.h>
 
 #include <cutils/log.h>
 #include <cutils/atomic.h>
@@ -31,6 +32,8 @@
 #include <hardware/hardware.h>
 #include <hardware/gralloc.h>
 
+#include <linux/android_pmem.h>
+
 #include "gralloc_priv.h"
 
 
@@ -301,6 +304,13 @@ int gralloc_perform(struct gralloc_module_t const* module,
             size_t size = va_arg(args, size_t);
             size_t offset = va_arg(args, size_t);
             void* base = va_arg(args, void*);
+
+            // validate that it's indeed a pmem buffer
+            pmem_region region;
+            if (ioctl(fd, PMEM_GET_SIZE, &region) < 0) {
+                break;
+            }
+
             native_handle_t** handle = va_arg(args, native_handle_t**);
             private_handle_t* hnd = (private_handle_t*)native_handle_create(
                     private_handle_t::sNumFds, private_handle_t::sNumInts);