vendorgraphicbuffer: add validation on metadata before operating

The process crashed when it operated metadata on an unimported buffer.
To enhance the robustness of the system, the patch creates the check on
mali reference to avoid crashing.

Bug: 186739698
Test: android.mediav2.cts.EncoderColorAspectsTes
Change-Id: Ia9c074dcee0d0f3a8ef18170ea6bce153fa734a5

2 files changed, 23 insertions, 0 deletions

diff --git a/gralloc4/src/core/mali_gralloc_reference.cpp b/gralloc4/src/core/mali_gralloc_reference.cpp
index 22d8aa0..e24d9ff 100644
--- a/gralloc4/src/core/mali_gralloc_reference.cpp
+++ b/gralloc4/src/core/mali_gralloc_reference.cpp
@@ -116,3 +116,25 @@ int mali_gralloc_reference_release(buffer_handle_t handle, bool canFree)
 	pthread_mutex_unlock(&s_map_lock);
 	return 0;
 }
+
+int mali_gralloc_reference_validate(buffer_handle_t handle)
+{
+	if (private_handle_t::validate(handle) < 0)
+	{
+		MALI_GRALLOC_LOGE("Reference invalid buffer %p, returning error", handle);
+		return -EINVAL;
+	}
+
+	const auto *hnd = (private_handle_t *)handle;
+	pthread_mutex_lock(&s_map_lock);
+
+	if (hnd->allocating_pid == getpid() || hnd->remote_pid == getpid()) {
+		pthread_mutex_unlock(&s_map_lock);
+		return 0;
+	} else {
+		pthread_mutex_unlock(&s_map_lock);
+		MALI_GRALLOC_LOGE("Reference unimported buffer %p, returning error", handle);
+		return -EINVAL;
+	}
+}
+
diff --git a/gralloc4/src/core/mali_gralloc_reference.h b/gralloc4/src/core/mali_gralloc_reference.h
index f2afc61..555be08 100644
--- a/gralloc4/src/core/mali_gralloc_reference.h
+++ b/gralloc4/src/core/mali_gralloc_reference.h
@@ -23,5 +23,6 @@
 
 int mali_gralloc_reference_retain(buffer_handle_t handle);
 int mali_gralloc_reference_release(buffer_handle_t handle, bool canFree);
+int mali_gralloc_reference_validate(buffer_handle_t handle);
 
 #endif /* MALI_GRALLOC_REFERENCE_H_ */