libdce[Android]: Fix NULL pointer dereference in dce_buf_unlock

In the case where dce_buf_lock fails due to dce_ipc_init failure,
then MmRpcHandle is not guaranteed to be initialized and could
result in a NULL pointer de-reference. In some use-cases where the
IPUMM takes a longer time to come up, this was resulting in a crash,
causing the Android media service to stop and restart several
times.

This patch fixes the NULL pointer de-reference by first checking if
the IPC is initialized in dce_buf_unlock before calling the IPC API.

This patch also has a minor cleanup of an un-used static global variable.

Change-Id: Idb74fb60c0b9696a0be87e4808b537ebfc84cd7e
Signed-off-by: Angela Stegmaier <angelabaker@ti.com>

1 files changed, 5 insertions, 1 deletions

diff --git a/libdce_android.c b/libdce_android.c
index 0c6065a..fab39e6 100644
--- a/libdce_android.c
+++ b/libdce_android.c
@@ -45,7 +45,6 @@
 extern MmRpc_Handle    MmRpcHandle[];
 extern pthread_mutex_t    ipc_mutex;
 int is_ipc_ready = 0;
-static int dce_buf_count = 0;
 
 int dce_buf_lock(int num, size_t *handle)
 {
@@ -92,6 +91,11 @@ int dce_buf_unlock(int num, size_t *handle)
 
     pthread_mutex_lock(&ipc_mutex);
 
+    if (!is_ipc_ready) {
+        pthread_mutex_unlock(&ipc_mutex);
+        return DCE_EIPC_CALL_FAIL;
+    }
+
     _ASSERT(num > 0, DCE_EINVALID_INPUT);
 
     desc = malloc(num * sizeof(MmRpc_BufDesc));