From 66ca15415d2339df0d6daad6ad1789739f032eb2 Mon Sep 17 00:00:00 2001
From: Arian
Date: Fri, 28 Nov 2025 18:42:12 +0100
Subject: [PATCH] surya: Patch com.vidhance.node.eis.so to allocate GraphicBuffer with new size

Commit [1] ("Introduce a dependency monitor for fences") has added new members to the GraphicBuffer struct, increasing the size from 0x100 to 0xd30. camera.xiaomi.so creates GraphicBuffer in its constructors using "new GraphicBuffer(..)" which encodes the size to allocate at compile time. Then, on destruction of the object, the implicit destructor will try to destruct the new members, but, since this memory was not allocated for the object, this leads to memory access of unallocated storage.

F DEBUG : backtrace:
F DEBUG : #00 pc 000000000003ba00 /vendor/lib64/libui.so (__aarch64_ldadd8_acq_rel+16) (BuildId: b577faa139eb3404c7d3a674b147634c)
F DEBUG : #01 pc 0000000000051364 /vendor/lib64/libui.so (android::GraphicBuffer::~GraphicBuffer()+248) (BuildId: b577faa139eb3404c7d3a674b147634c)
F DEBUG : #02 pc 0000000000051698 /vendor/lib64/libui.so (android::GraphicBuffer::~GraphicBuffer()+20) (BuildId: b577faa139eb3404c7d3a674b147634c)
F DEBUG : #03 pc 0000000000011064 /vendor/lib64/libutils.so (android::RefBase::decStrong(void const*) const+164) (BuildId: 99d1ab745e7b73420d8d2b397483ef54)
F DEBUG : #04 pc 00000000000cd538 /vendor/lib64/hw/camera.xiaomi.so (mihal::GraBuffer::~GraBuffer()+236) (BuildId: a4c59705588bd26d407f0ab181902baf)

[1]: https://github.com/LineageOS/android_frameworks_native/commit/df868baf2abefbb45341530d20a948ffd6b2c304

Change-Id: Ib51efcaa7514fa5902ac68cdcff2a8ecf97be511
---
 .../components/com.vidhance.node.eis.so | Bin 188976 -> 188976 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/proprietary/vendor/lib64/camera/components/com.vidhance.node.eis.so b/proprietary/vendor/lib64/camera/components/com.vidhance.node.eis.so index e67278b865d32f0fda5bc3a66cdedc087173ad97..edf869daf0e047f309a0128234f5cb434e1a5abd 100644 GIT binary patch delta 53 zcmdmRgnI)JMZRNN*0?$Poz`n0y}kV=<2?fqBb|%smJ5jC?9U{{1Y*PoGF_Yi0Ihfz Aa{vGU delta 53 zcmdmRgnI)JMZRNFXxJS6PU|(0-rjzb@ty&Qk
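
Review bot: the binary delta touches only com.vidhance.node.eis.so, while the commit message attributes the undersized "new GraphicBuffer(..)" to camera.xiaomi.so and the backtrace ends in mihal::GraBuffer::~GraBuffer() inside camera.xiaomi.so. Please state in the message why the EIS component is the blob being patched, and whether camera.xiaomi.so carries the same compile-time size and needs the same treatment. Because the change is an opaque delta with an unchanged file size (188976 bytes), it also cannot be checked from the patch itself: record the patched offset(s) and the old and new allocation size (0x100 and 0xd30) in the commit message so the edit can be verified against the blob and redone, since a hard-coded 0xd30 goes stale the next time members are added to GraphicBuffer.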