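Problem description: while the company's product was going through CTA certification, the lab reported that video recording did not work. Recording stopped immediately after the button was tapped to start it, and no file was generated.
Log analysis: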
12-05 11:22:13.315 E/AEC_PORT( 327): aec_port_save_update:real_gain:4.332157 linecnt:4488 exp_idx:335 cur_luma:65 led_est:0
12-05 11:22:13.345 W/NativeCrashListener( 807): Couldn't find ProcessRecord for pid 268
12-05 11:22:13.345 I/DEBUG ( 265): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
12-05 11:22:13.345 E/DEBUG ( 265): AM write failure (32 / Broken pipe)
12-05 11:22:13.345 I/DEBUG ( 265): Build fingerprint: 'basewin/msm8909_p500/msm8909_p500:5.1.1/LMY47V/scm0112011716:userdebug/dev-keys'
12-05 11:22:13.346 I/DEBUG ( 265): Revision: '0'
12-05 11:22:13.346 I/DEBUG ( 265): ABI: 'arm'
12-05 11:22:13.346 I/DEBUG ( 265): pid: 268, tid: 6646, name: recorder_looper >>> /system/bin/mediaserver <<<
12-05 11:22:13.346 I/DEBUG ( 265): signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xb1108000
12-05 11:22:13.376 I/DEBUG ( 265): r0 b1108000 r1 b094ee40 r2 0000a180 r3 00000000
12-05 11:22:13.376 I/DEBUG ( 265): r4 b10eb200 r5 b87c4260 r6 b870ac58 r7 b1614c54
12-05 11:22:13.376 I/DEBUG ( 265): r8 00000001 r9 b1614c58 sl b1614d14 fp 00027000
12-05 11:22:13.376 I/DEBUG ( 265): ip b669e7f4 sp b1614c38 lr b660313d pc b6e8fa38 cpsr 200f0010
12-05 11:22:13.377 I/DEBUG ( 265):
12-05 11:22:13.377 I/DEBUG ( 265): backtrace:
12-05 11:22:13.377 I/DEBUG ( 265): #00 pc 0000fa38 /system/lib/libc.so (__memcpy_base+104)
12-05 11:22:13.377 I/DEBUG ( 265): #01 pc 0008a139 /system/lib/libstagefright.so (android::MediaCodecSource::feedEncoderInputBuffers()+240)
12-05 11:22:13.377 I/DEBUG ( 265): #02 pc 0008a27b /system/lib/libstagefright.so (android::MediaCodecSource::onMessageReceived(android::sp<android::AMessage> const&)+214)
12-05 11:22:13.377 I/DEBUG ( 265): #03 pc 0008a837 /system/lib/libstagefright.so
12-05 11:22:13.377 I/DEBUG ( 265): #04 pc 0000b3af /system/lib/libstagefright_foundation.so (android::ALooperRoster::deliverMessage(android::sp<android::AMessage> const&)+166)
12-05 11:22:13.377 I/DEBUG ( 265): #05 pc 0000ad2d /system/lib/libstagefright_foundation.so (android::ALooper::loop()+220)
12-05 11:22:13.377 I/DEBUG ( 265): #06 pc 0000eecd /system/lib/libutils.so (android::Thread::_threadLoop(void*)+112)
12-05 11:22:13.377 I/DEBUG ( 265): #07 pc 0000ea3d /system/lib/libutils.so
12-05 11:22:13.377 I/DEBUG ( 265): #08 pc 000132b3 /system/lib/libc.so (__pthread_start(void*)+30)
12-05 11:22:13.377 I/DEBUG ( 265): #09 pc 000111df /system/lib/libc.so (__start_thread+6)
12-05 11:22:13.404 E/mm-camera-sensor( 327): port_sensor_handle_aec_update:803 g 4.332157 lux idx 333.642090
Following the backtrace further into the code:
(/bionic/libc/include/string.h:106)
__BIONIC_FORTIFY_INLINE
void* memcpy(void* __restrict dest, const void* __restrict src, size_t copy_amount) {
    return __builtin___memcpy_chk(dest, src, copy_amount, __bos0(dest)); // the crash is reported here
}
Tracing further:
(/bionic/libc/arch-arm/cortex-a15/bionic/memcpy_base.S:122)
1: // The main loop copies 64 bytes at a time.
vld1.8 {d0 - d3}, [r1]!
vld1.8 {d4 - d7}, [r1]!
pld [r1, #(64*4)]
subs r2, r2, #64
vst1.8 {d0 - d3}, [r0, :128]! // the crash is reported here
vst1.8 {d4 - d7}, [r0, :128]!
bhs 1b
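An added example, not part of the original post: a small parser for the debuggerd lines in the log above. It compares the fault address with r0 and r1, which the loop in the listing uses as store and load pointers. The function names are made up for this example, and 4 KiB pages are assumed.

```python
import re

# Excerpt of the debuggerd lines from the log on this page (logcat prefix kept as-is).
TOMBSTONE = """\
12-05 11:22:13.346 I/DEBUG ( 265): signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xb1108000
12-05 11:22:13.376 I/DEBUG ( 265): r0 b1108000 r1 b094ee40 r2 0000a180 r3 00000000
12-05 11:22:13.376 I/DEBUG ( 265): ip b669e7f4 sp b1614c38 lr b660313d pc b6e8fa38 cpsr 200f0010
12-05 11:22:13.377 I/DEBUG ( 265): #00 pc 0000fa38 /system/lib/libc.so (__memcpy_base+104)
12-05 11:22:13.377 I/DEBUG ( 265): #01 pc 0008a139 /system/lib/libstagefright.so (android::MediaCodecSource::feedEncoderInputBuffers()+240)
"""

SIGNAL_RE = re.compile(r"signal \d+ \((\w+)\), code -?\d+ \((\w+)\), fault addr 0x([0-9a-f]+)")
REG_RE = re.compile(r"\b(r\d+|sl|fp|ip|sp|lr|pc|cpsr) ([0-9a-f]{8})\b")
FRAME_RE = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+(\S+)(?: \((.*)\))?$")

def parse_tombstone(text):
    """Extract signal info, registers and backtrace frames from debuggerd log lines."""
    info = {"regs": {}, "frames": []}
    for line in text.splitlines():
        _, _, body = line.partition("): ")   # drop the logcat timestamp/tag prefix
        sig = SIGNAL_RE.search(body)
        if sig:
            info.update(signal=sig.group(1), code=sig.group(2), fault=int(sig.group(3), 16))
        elif body.startswith("#"):           # backtrace frame, not a register dump
            frame = FRAME_RE.match(body)
            if frame:
                info["frames"].append({"lib": frame.group(3), "sym": frame.group(4) or ""})
        else:
            info["regs"].update((n, int(v, 16)) for n, v in REG_RE.findall(body))
    return info

def triage_memcpy_fault(info):
    """Decide which side of the copy faulted, using the registers the loop above uses."""
    regs, frames = info["regs"], info["frames"]
    fault = info.get("fault", -1)            # -1 never equals a register value
    side = "dest" if fault == regs.get("r0") else "src" if fault == regs.get("r1") else "unknown"
    return {
        "in_memcpy": bool(frames) and "memcpy" in frames[0]["sym"],
        "faulting_side": side,                             # r0 = store pointer, r1 = load pointer
        "access_error": info.get("code") == "SEGV_ACCERR", # page is mapped, access not permitted
        "page_aligned": fault % 4096 == 0,                 # assumes 4 KiB pages
        "r2_counter": regs.get("r2"),                      # loop counter, minus 64 per pass
        "caller": frames[1]["sym"] if len(frames) > 1 else "",
    }

if __name__ == "__main__":
    print(triage_memcpy_fault(parse_tombstone(TOMBSTONE)))
```

For this log the result says the store to the destination buffer faulted at a page boundary with SEGV_ACCERR, inside the copy called from feedEncoderInputBuffers().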
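Completely out of ideas at this point? I was just as lost, but drawing on a senior colleague's earlier experience, the problem was then pinpointed within minutes: system signing!!!
For security reasons, after a certain point in time the company released only fused builds. So the question is: does a fused build itself break video recording? Of course not. The cause is that one component was not compiled into the build: venus. As for what this component does, I really could not find any resources on it; if anyone knows, please leave a comment and teach me.
Path:
(/vendor/qcom/proprietary/prebuilt_HY11/target/product/msm8909/system/etc/firmware)
The following files need to be pushed: venus.b00 venus.b01 venus.b02 venus.b03 venus.b04 venus.mdt
To be safe, it is best to push the whole folder.
The driver team says venus drives the DSP, much like voice controls the ADSP; if the signature is wrong, there is not even any sound. :-)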