https://code.google.com/p/android/issues/detail?id=230602
On the second attempt, open the file with O_RDONLY,
which causing a write failure。
Change-Id: If89165b8c7619fe25722073a46b3cc7c61530a71
Signed-off-by: katao <ustckato@gmail.com>
bootable/recovery/applypatch/imgdiff.cpp:195:5: warning: Potential leak
of memory pointed to by 'img' [clang-analyzer-unix.Malloc]
Bug: 26936282
Test: WITH_TIDY=1 WITH_STATIC_ANALYZER=1 mm
Change-Id: Ie79c780233ddfebf85686a24df3bf2561f831580
bootable/recovery/applypatch/imgdiff.cpp:322:11: warning: Value stored to 'ret' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
bootable/recovery/applypatch/imgdiff.cpp:447:11: warning: Value stored to 'ret' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
bootable/recovery/applypatch/imgdiff.cpp:553:3: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
Bug: 26936282
Test: WITH_TIDY=1 WITH_STATIC_ANALYZER=1 mm
Change-Id: I3f865e3e9b9d19e5ea5e8dfd2fe2c644254ffbb5
We should always use unique_fd or unique_file to hold the FD or FILE*
pointer when opening via ota_(f)open functions.
This CL avoids accidentally closing raw FDs or FILE* pointers that are
managed by unique_fd/unique_file.
Test: recovery_component_test passes.
Change-Id: If58eb8b5c5da507563f85efd5d56276472a1c957
We were using the below sequence prior to the CL in [1].
unique_fd fd(ota_open(...));
ota_close(fd);
fd.reset(ota_open(...));
fd.reset() may unintentionally close the newly opened FD if it
has the same value as the early ota_open. The CL in [1] changed to
"ota_close(fd.release())" to avoid the issue. This CL adds a new
overloaded function ota_close(unique_fd&) to handle the release
automatically.
Similarly add ota_fclose(std::unique_ptr<FILE>&).
[1] commit 48cf770471.
Bug: 33034669
Test: recovery_component_test passes.
Change-Id: Ief91edc590e95a7426e33364b28754173efb1056
We use android::base::unique_fd() to avoid leaking FD. We also want to
call close (or ota_close) to explicitly check the close result. When
combining the two together, we need to release the unique_fd to avoid
closing the same FD twice.
Bug: 33034669
Test: Trigger applypatch with install-recovery.sh.
Change-Id: I1a4f5d5fba7a23ef98d8bd7b7b07e87ae6f705c5
Add unique_fd that calls ota_close() instead of the default closer.
Test: recovery_component_test passes.
Test: Apply a package that calls apply_patch().
Change-Id: I0c19921731757934f76cf7d5215916673a8f2777
We don't need three vectors to sort the (size, SHA-1) pairs.
Test: recovery_component_test passes.
Test: Apply a package that calls apply_patch_check() to patch EMMC
partitions.
Change-Id: I4a6620630a6711f490822cf30f1e7fe5cea6ce49
static_cast is preferable to reinterpret_cast when casting from void*
pointers returned by malloc/calloc/realloc/mmap calls.
Discovered while looking at compiler warnings (b/26936282).
Test: WITH_TIDY=1 WITH_STATIC_ANALYZER=1 mma
Change-Id: Iaffd537784aa857108f6981fdfd82d0496eb5592
Merged-In: I151642d5a60c94f312d0611576ad0143c249ba3d
bootable/recovery/applypatch/imgdiff.cpp:1065:3: warning: Potential leak of memory pointed to by 'patch_data'
bootable/recovery/applypatch/imgdiff.cpp:1065:3: warning: Potential leak of memory pointed to by 'patch_size'
bootable/recovery/applypatch/imgdiff.cpp:226:7: warning: Potential leak of memory pointed to by 'temp_entries'
Bug: 26936282
Test: WITH_TIDY=1 WITH_STATIC_ANALYZER=1 mm
Change-Id: I3cac945d7677d367934d5619ef7419daf6f48d6f
Refactor applypatch/main.cpp into libapplypatch_modes so that we can add
testcases.
Some changes to applypatch/main.cpp:
- Replace char** argv with const char**;
- Use android::base::Split() to split ":";
- Use android::base::ParseUInt().
Bug: 32383590
Test: Unit tests pass, install-recovery.sh works.
Change-Id: I44e7bfa5ab717d439ea1d0ee9ddb7b2c40bb95a4
When constructing std::string from C-string, the string may be truncated
at null char. Use range constructor instead.
Bug: 32380016
Test: Use applypatch to install a previously failed recovery image.
Change-Id: Id3e2afb4a810594243cd21db526933d1fea5044b
Applypatch_check should be skipped if no sha is specified. As the
comments said: "It's okay to specify no sha1s; the check will pass if
the LoadFileContents is successful. Useful for reading partitions,
where the filename encodes the sha1s."
Test: The update package applied on angler successfully.
Bug: 32243751
Change-Id: Ib8f3dadf19f745c2dbd350d60da46ab12d75bc87
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.
Test: Update package installed successfully on angler.
Bug: 19472796
Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
Changing the field of 'Value' in edify to std::string from char*.
Meanwhile cleaning up the users of 'Value' and switching them to
cpp style.
Test: compontent tests passed.
Bug: 31713288
Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
Also remove the 0xff comparison when validating the bootloader
message fields. As the fields won't be erased to 0xff after we
remove the MTD support.
Bug: 28202046
Test: The recovery folder compiles for aosp_x86-eng
Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
We might end up in an infinite loop if read(2) reached EOF unexpectedly.
The problematic code in uncrypt mentioned in the bug has been fixed
by switching to libbase ReadFully(). So I grepped through the recovery
code and fixed some other occurences of the issue.
Bug: 31073201
Change-Id: Ib867029158ba23363b8f85d61c25058a635c5a6b
We may have expanded_len == 0 when calling inflate(). After switching to
using std::vector, it passes a nullptr buffer to inflate() and leads to
Z_STREAM_ERROR.
Bug: 29312140
Change-Id: Iab7c6c07a9e8488e844e7cdda76d02bd60d2ea98
external/bsdiff uses divsufsort which is much faster, and also include
some bug fixes.
Bug: 26982501
Test: ./imgdiff_test.sh
Change-Id: I089a301c291ee55d79938c7a3ca6d509895440d1
The applypatch heaaders were recently moved to the include/ directory.
This patch reflects that change in the Makefile.
Bug: None
TEST=sudo emerge imgdiff
Change-Id: I0bf3f991b5e0c98054033c5939ed69b3e3c827a9
Cherry pick this patch because it fixes the problem that
a newed Value is released by free().
Bug: 26906416
Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43
(cherry picked from commit d6c93afcc2)
To make the static library position independent.
Bug: 26866274
Test: emerge-peppy imgdiff; sudo emerge imgdiff; emerge nyan imgdiff
Change-Id: I319e721ccfb6a51f63d31afa49f54aa7f607f4bf
If two libraries both use LOCAL_WHOLE_STATIC_LIBRARIES and include a same
library, there would be linking errors when generating a shared library
(or executable) that depends on the two libraries both.
Also clean up Android.mk files.
Remove the "LOCAL_MODULE_TAGS := eng" line for the updater module. The
module will then default to "optional" which won't be built until needed.
Change-Id: I3ec227109b8aa744b7568e7f82f575aae3fe0e6f
Treat it as a normal chunk if inflate() fails.
Test: run imgdiff on corrupted gzip and apply the patch
Bug: 27153028
Change-Id: Idcbb3c1360ec0774e6c7861b21d99af8ee10604a
update_engine need it for the new IMGDIFF operation.
Also removed __unused in ApplyImagePatch() as I got error building it
for the host, and I think it's dangerous not checking the size of the
input.
Test: mma
Bug: 26628339
Change-Id: I22d4cd55c2c3f87697d6afdf10e8106fef7d1a9c
dragon kernel is compressed via lz4 for boot speed and bootloader
support reasons and recent prebuilts happen to include the gzip header
sequence which is causing imgdiff to fail.
Detect a spurious gzip header and treat the section as a normal section.
Bug: 26133184
Change-Id: I369d7d576fd7d2c579c0780fc5c669a5b6ea0d3d
(cherry picked from commit 0f2f6a746af517afca9e5e089a4a17be0a9766d6)
Signed-off-by: David Riley <davidriley@google.com>
The CL in [1] has stopped building and packaging the obsolete
applypatch_static tool.
[1]: commit a04fca31bf1fadcdf982090c942ccbe4d9b95c71
Bug: 24621915
Change-Id: I5e98951ad7ea5c2a7b351af732fd6722763f59bd
mkstemp() allocates a file description that is never released. If
MakePatch() is called too many time, imgdiff reaches the Operating
System EMFILE (too many open files) limit.
Change-Id: Icbe1399f6f6d32cfa1830f879cacf7d75bbd9fc3
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Signed-off-by: Gaelle Nassiet <gaellex.nassiet@intel.com>
WriteToPartition() should consider a target name as valid if it contains
multiple colons. But only the first two fields will be used.
Bug: 22725128
Change-Id: Ie9404375e24045c115595eec6ce5b6423da8fc3e
We may carry a full copy of recovery image in the /system, and use
/system/bin/install-recovery.sh to install the recovery. This CL adds
support to flash the recovery partition with the given image.
Bug: 22641135
Change-Id: I7a275b62fdd1bf41f97f6aab62d0200f7dae5aa1
(cherry picked from commit 68c5a67967)
Failures are seen on devices with
Linux 3.10. And they are mainly due to this change:
https://lwn.net/Articles/546473/
The blocks reserved in this change is not the same thing as what we
think are reserved for common usage of root user. And this part is
included in free blocks but not in available blocks.
Change-Id: Ib29e12d775b86ef657c0af7fa7a944d2b1e12dc8
These are already getting libc++, so it isn't necessary. If any of the
other static libraries (such as adb) use new or delete from libc++,
there will be symbol collisions.
Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f
We have seen cases where the boot partition is patched, but upon
recovery the partition appears to be corrupted. Open up all
patched files/partitions with O_SYNC, and do not ignore the
errors from fsync/close operations.
Bug: 18170529
Change-Id: I392ad0a321d937c4ad02eaeea9170be384a4744b
Patches with control data tuples with negative numbers in the first
and/or second can cause bspatch to write to arbitrary locations in the
heap.
Change-Id: I8c5d81948be773e6483241131d3d166b6da27cb8
Older versions of android supported an ASLR system where binaries were
randomly twiddled at OTA install time. Remove support for this; we
now use the ASLR support in the linux kernel.
Change-Id: I8348eb0d6424692668dc1a00e2416fbef6c158a2
These were attempts to write partitions "conservatively" in hopes of
fixing the problems with writing the radio partition on Nexus 4. They
didn't work (a kernel patch was needed), but got left in. They make
writing of partitions unnecessarily slow (ie, we really shouldn't need
to sync() after every 4kb). Roll back most of them, but leave the
verification read-back in.
Change-Id: I94badc0979e88816c5aa0485f6316c02be69173c
Write and verify partitions using write(2) and read(2) rather than the
stdio functions. Read and write in 4kb blocks. When writing, fsync()
every 1MB.
Bug: 9602014
Change-Id: Ie98ce38e857786fc0f4ebf36bb5ffc93b41bc96f
Nexus 4 has flash errors that manifest during large writes (eg, of the
radio partition). Writes of some blocks seem to be dropped silently,
without any errors being returned to the user level.
Make two changes to the partition-writing code:
- break it up into 1MB writes instead of writing partitions with a
single fwrite() call. Pause for 50ms in between every chunk.
- read the partition back after writing and verify that we read what
we wrote. Drop caches before reading so we (hopefully) are reading
off the actual flash and not some cache.
Neither of these should be necessary.
Bug: 9602014
Change-Id: Ice2e24dd4c11f1a57968277b5eb1468c772f6f63
Make minzip log only a count of files when extracting, not individual
filenames. Make patching only chatter about free space if there's not
enough and compact the other messages.
Only the last 8k of the recovery log gets uploaded; this makes it more
likely that we will get all of it.
Change-Id: I529cb4947fe2185df82b9da5fae450a7480dcecd
The bonus data option lets you give an additional blob of uncompressed
data to be used when constructing a patch for chunk #1 of an image.
The same blob must be available at patch time, and can be passed to
the command-line applypatch tool (this feature is not accessible from
edify scripts).
This will be used to reduce the size of recovery-from-boot patches by
storing parts of the recovery ramdisk (the UI images) on the system
partition.
Change-Id: Iac1959cdf7f5e4582f8d434e83456e483b64c02c
* commit '3733d2185bbcedd9ef626907f1f32628986cc0f5':
Use the static version of libsparse
Multiple modules with the same name are going away.
host modules don't need LOCAL_MODULE_TAGS
When creating a new file using open(..., O_CREAT), it is an error
to fail to specify a creation mode. If a mode is not specified, a
random stack provided value is used as the "mode".
This will become a compile error in a future Android change.
Change-Id: I73c1e1a39ca36bf01704b07302af4971d234b5a8
The applypatch function is somewhat sloppy about freeing memory (since
it was originally a standalone binary). Fix some of that.
Change-Id: Ifd44d71ea189c0b5115493119fd57bc37533fd59
An accidental variable declaration ("int enough_space = ..." instead
of "enough_space = " inside a block) shadowing the real one meant we
were always using the copy-to-cache path for patching, even when not
necessary. Remove it. Enforce an absolute minimum of free space as
well, to avoid running into problems patching small files, now that
the copy-to-cache path is (inadvertently) well-tested.
Change-Id: Idb7d57241a9adcda2e11001fa44f0cd67ce40d19
When restarting a patch from crashing in the middle of a large file,
we're not finding the correct patch to apply to the copy saved in
cache.
Change-Id: I41cb2b87d096bb7a28a10c4cf3902facd45d4c9d
Separate files for retouch functionality are in minelf/*
ASLR for shared libraries is controlled by "-a" in ota_from_target_files.
Binary files are self-contained. Retouch logic can recover from crashes.
Signed-off-by: Hristo Bojinov <hristo@google.com>
Change-Id: I76c596abf4febd68c14f9d807ac62e8751e0b1bd
Let applypatch read and write EMMC partitions as well as MTD ones.
This enables incremental updates that include boot image changes, as
well as OTA of new recovery partitions.
Change-Id: I3766b9e77c639769ddf693b675da51d57f6e6b1d
Add in Makefiles and support files for x86 builds
Based on changes by: wonjong.lee <wonjong.lee@windriver.com>
Additional changes by: Mark Gross <mark.gross@intel.com>
Additional changes by: Bruce Beare <brucex.j.beare@intel.com>
Change-Id: I71fcf58f116e4e9047e7d03fdb28e3308553ce5c
Change the applypatch function to take meaningful arguments instead of
argc and argv. Move all the parsing of arguments into main.c (for the
standalone binary) and into install.c (for the updater function).
applypatch() takes patches as Value objects, so we can pass in blobs
extracted from the package without ever writing them to temp files.
The patching code is changed to read the patch from memory instead of
a file.
A bunch of compiler warnings (mostly about signed vs unsigned types)
are fixed.
Support for the IMGDIFF1 format is dropped. (We've been generating
IMGDIFF2 packages for some time now.)
Change-Id: I217563c500012750f27110db821928a06211323f
- Move applypatch to this package (from build).
- Add a rudimentary type system to edify: instead of just returning a
char*, functions now return a Value*, which is a struct that can
carry different types of value (currently just STRING and BLOB).
Convert all functions to this new scheme.
- Change the one-argument form of package_extract_file to return a
Value of the new BLOB type.
- Add read_file() to load a local file and return a blob, and
sha1_check() to test a blob (or string) against a set of possible
sha1s. read_file() uses the file-loading code from applypatch so it
can read MTD partitions as well.
This is the start of better integration between applypatch and the
rest of edify.
b/2361316 - VZW Issue PP628: Continuous reset to Droid logo:
framework-res.apk update failed (CR LIBtt59130)
Change-Id: Ibd038074749a4d515de1f115c498c6c589ee91e5
