Xiaomi Mi 8 SE (grus) workaround for a camera image-buffer problem in the CHI override library com.qti.chi.override.so: the timeout passed to the condition-variable wait in sub_81A44 (the sub_82A24 call, around line 83 of the decompiled listing below) is patched from 2000 to 0. The hex-dump diff and the objdump diff that follow give the exact bytes and instruction; their offsets are only valid for the firmware build named after each hunk.
/*
 * Hex-Rays decompilation of sub_81A44 from com.qti.chi.override.so (Qualcomm
 * CHI override; the path literals below point at chxusecaseutils.cpp). From
 * the log strings this is a "GetImageBuffer" routine: a1 is an object accessed
 * through raw field offsets, and the function returns the first word of a
 * 12-byte list node (v22), or 0 when no buffer could be obtained.
 *
 * All sub_*/dword_* names are decompiler placeholders. Field meanings and
 * helper semantics given in the comments are inferred from how they are used
 * here (and from the log strings) and are not confirmed by anything else on
 * this page. The listing is left exactly as decompiled (no indentation) so it
 * lines up with the hex/objdump patch further down; the only patched
 * instruction is the timeout argument of the sub_82A24 call, marked below.
 */
int __fastcall sub_81A44(int a1)
{
int v1; // ST84_4@4
int v2; // ST14_4@5
int v3; // ST10_4@5
int v4; // ST0C_4@5
int v5; // ST08_4@5
int v6; // ST00_4@5
int v7; // ST6C_4@7
int v8; // ST18_4@7
int v9; // ST14_4@7
int v10; // ST60_4@11
int v11; // ST58_4@15
pthread_cond_t *v12; // ST50_4@17
pthread_mutex_t *v13; // r0@17
int v14; // ST48_4@19
int v15; // ST40_4@23
int v16; // ST38_4@29
int v17; // ST28_4@32
int v19; // [sp+74h] [bp-3Ch]@1
signed int v20; // [sp+78h] [bp-38h]@17
int v21; // [sp+7Ch] [bp-34h]@5
int v22; // [sp+88h] [bp-28h]@1
int *v23; // [sp+8Ch] [bp-24h]@1
v19 = a1;
/* +112 is the same field that sub_82914 turns into a pthread_mutex_t* below,
 * and sub_828FE is called on it right before the single return, so this pair
 * presumably locks/unlocks the object's mutex (confirm against
 * sub_828E8/sub_828FE). */
sub_828E8(*(_DWORD *)(a1 + 112));
v23 = 0;  /* node taken from the free list, or a freshly allocated one */
v22 = 0;  /* return value: stays 0 unless a node is obtained */
/* Fast path: if the +120 list is non-empty, take a node from it. The
 * "Free buffers = %d, Busy buffers = %d" log below is fed by sub_81836(+120)
 * then sub_81836(+124), so +120 is read as the free list and +124 as the
 * busy list throughout these comments. */
if ( sub_81826(*(_DWORD *)(v19 + 120)) )
v23 = (int *)sub_81846(*(_DWORD *)(v19 + 120));
if ( !v23 )
{
/* No free node: create a new buffer only while free + busy is still below
 * the limit stored at +164. */
v1 = sub_81836(*(_DWORD *)(v19 + 120));
if ( (unsigned int)(v1 + sub_81836(*(_DWORD *)(v19 + 124))) < *(_DWORD *)(v19 + 164) )
{
/* v2..v6 are loaded but never referenced in this listing; they are most
 * likely extra arguments of the sub_809C4 call that the decompiler failed
 * to attach (the same happens to every _android_log_print below). */
v2 = *(_DWORD *)(v19 + 156);
v3 = *(_DWORD *)(v19 + 152);
v4 = *(_DWORD *)(v19 + 148);
v5 = *(_DWORD *)(v19 + 144);
v6 = *(_DWORD *)(v19 + 136);
/* Create the buffer itself (the success log calls it "ImageBuffer"). */
v21 = sub_809C4(v19 + 72, *(_DWORD *)(v19 + 68), *(_DWORD *)(v19 + 128), *(_DWORD *)(v19 + 132));
if ( v21 )
{
/* dword_E7450 looks like the log mask: `& 8` (bit 3) gates the priority-3
 * (DEBUG) messages, and the `<< 31` tests below are non-zero only when bit 0
 * is set and gate the priority-6 (ERROR) messages. */
if ( dword_E7450 & 8 )
{
/* sub_82CD8 takes the source path and its result feeds the leading %s of
 * "%s:%d %s() [%s]", so it presumably reduces the path to a file name. */
v7 = sub_82CD8("vendor/qcom/proprietary/chi-cdk/vendor/chioverride/default/chxusecaseutils.cpp");
sub_2FCC0(v21);
v8 = *(_DWORD *)(v19 + 132);
v9 = *(_DWORD *)(v19 + 128);
/* The format has eight conversions but only v7 is shown: the variadic tail
 * was dropped by the decompiler (v8/v9 are computed for it and then appear
 * unused). Do not read this as a format/argument mismatch in the binary
 * without checking the disassembly. */
_android_log_print(
3,
"CHIUSECASE",
"%s:%d %s() [%s] ImageBuffer created = %p, bh = %p, w x h = %d x %d\n",
v7);
}
/* 12-byte list node; its first word holds the buffer (see *v23 = v21). */
v23 = (int *)sub_82DFA(12);
if ( v23 )
{
*v23 = v21;
}
else
{
if ( dword_E7450 << 31 )
{
v10 = sub_82CD8("vendor/qcom/proprietary/chi-cdk/vendor/chioverride/default/chxusecaseutils.cpp");
_android_log_print(6, "CHIUSECASE", "%s:%d %s() [%s] ImageBuffer couldn't be allocated\n", v10);
}
/* Node allocation failed: the just-created buffer is handed to sub_80DCC with
 * the same (+72, +68) arguments used to create it -- presumably a
 * destroy/release so it is not leaked; not verified here. */
sub_80DCC(v21, v19 + 72, *(_DWORD *)(v19 + 68), v19);
}
}
else if ( dword_E7450 << 31 )
{
v11 = sub_82CD8("vendor/qcom/proprietary/chi-cdk/vendor/chioverride/default/chxusecaseutils.cpp");
_android_log_print(6, "CHIUSECASE", "%s:%d %s() [%s] ImageBuffer allocated failed = %p\n", v11);
}
}
}
/* Still nothing (free list empty and at the +164 limit, or creation failed):
 * wait on the condition variable at +116 for a buffer to come back, then
 * re-check the free list. */
if ( !v23 )
{
v12 = *(pthread_cond_t **)(v19 + 116);
v13 = (pthread_mutex_t *)sub_82914(*(_DWORD *)(v19 + 112));
/* PATCH POINT. The third argument is the wait timeout: the stock binary
 * passes 2000 (0x7d0, presumably milliseconds) and the hex/objdump diff
 * below rewrites it to 0 (mov.w r2, #2000 -> mov.w r2, #0 at 0x81c5a).
 * NOTE(review): what sub_82A24 does with 0 is not visible on this page. If
 * 0 means "no deadline", a buffer that is never returned now blocks this
 * thread indefinitely instead of failing after 2 s; if it means an immediate
 * deadline, the wait becomes a poll that reports timeout (9) at once.
 * Confirm the callee's handling of 0 before reusing the patch. */
v20 = sub_82A24(v12, v13, 0);
/* 9 is the timed-out result (the log string says so); any other non-zero
 * value is a generic wait failure. Both leave v23 == 0, so the function
 * falls through to the failure branch below. */
if ( v20 == 9 )
{
if ( dword_E7450 << 31 )
{
v14 = sub_82CD8("vendor/qcom/proprietary/chi-cdk/vendor/chioverride/default/chxusecaseutils.cpp");
_android_log_print(6, "CHIUSECASE", "%s:%d %s() [%s], *** wait for buffer timedout ***\n", v14);
}
}
else if ( v20 )
{
if ( dword_E7450 << 31 )
{
v15 = sub_82CD8("vendor/qcom/proprietary/chi-cdk/vendor/chioverride/default/chxusecaseutils.cpp");
_android_log_print(6, "CHIUSECASE", "%s:%d %s() [%s], *** failed to get a free buffer result:%d ***\n", v15);
}
}
else if ( sub_81826(*(_DWORD *)(v19 + 120)) )
{
/* Woken with a non-empty free list: take a node from it. */
v23 = (int *)sub_81846(*(_DWORD *)(v19 + 120));
}
}
if ( v23 )
{
/* Success: return the buffer stored in the node, call sub_80F24 on it
 * (purpose not visible here) and hand the node to sub_819FE together with
 * the +124 list -- presumably moving it to the busy list, since the busy
 * count is logged right after. */
v22 = *v23;
sub_80F24(*v23);
sub_819FE(*(_DWORD *)(v19 + 124), v23);
if ( dword_E7450 & 8 )
{
v16 = sub_82CD8("vendor/qcom/proprietary/chi-cdk/vendor/chioverride/default/chxusecaseutils.cpp");
/* Free/busy counts for the log; their results are the dropped varargs. */
sub_81836(*(_DWORD *)(v19 + 120));
sub_81836(*(_DWORD *)(v19 + 124));
_android_log_print(
3,
"CHIUSECASE",
"%s:%d %s() [%s] ImageBuffer = %p, Free buffers = %d, Busy buffers = %d\n",
v16);
}
}
else if ( dword_E7450 << 31 )
{
v17 = sub_82CD8("vendor/qcom/proprietary/chi-cdk/vendor/chioverride/default/chxusecaseutils.cpp");
sub_81836(*(_DWORD *)(v19 + 120));
sub_81836(*(_DWORD *)(v19 + 124));
_android_log_print(
6,
"CHIUSECASE",
"%s:%d %s() [%s] GetImageBuffer failed! Free buffers = %d, Busy buffers = %d\n",
v17);
}
/* Unlock (pairs with sub_828E8 at entry) and return the buffer or 0. */
sub_828FE(*(_DWORD *)(v19 + 112));
return v22;
}
--- com.qti.chi.override_orig.so.hex 2020-07-20 22:44:26.700737380 +0800
+++ com.qti.chi.override.so_mi8se_fixed.hex 2020-07-20 22:44:46.317276299 +0800
@@ -33219,7 +33219,7 @@
00081c20: 0a60 9249 7944 924a 7a44 0623 1690 1846 .`.IyD.JzD.#...F
00081c30: 169b 06f0 feea 1590 ffe7 ffe7 ffe7 ffe7 ................
00081c40: 2398 0028 78d1 ffe7 0020 1e90 1d98 006f #..(x.... .....o
-00081c50: 1d99 4a6f 1492 00f0 5dfe 4ff4 fa62 1499 ..Jo....].O..b..
+00081c50: 1d99 4a6f 1492 00f0 5dfe 4ff0 0002 1499 ..Jo....].O.....
00081c60: 1390 0846 1399 00f0 ddfe 1e90 1e98 0928 ...F...........(
00081c70: 26d1 ffe7 7f48 7844 0068 0068 c007 0028 &....HxD.h.h...(
00081c80: 1dd0 ffe7 7c48 7844 01f0 26f8 ee46 1d99 ....|HxD..&..F..
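Review bot: The four replaced bytes at file offset 0x81c5a (`4ff4 fa62` → `4ff0 0002`) are specific to the build named on the next line, and nothing here guards against applying them to a different com.qti.chi.override.so, where they would clobber an unrelated instruction; a patch script should read back the original bytes (or check the file hash) and refuse on mismatch before writing. Both words are 4-byte Thumb-2 `mov.w r2, #imm` encodings, so the patch is size-neutral and no surrounding code moves. The library is presumably installed under /vendor, so the modified file will not pass dm-verity/AVB on a stock boot chain; the gist should say that verity must be disabled or the file overlaid (e.g. a Magisk module) rather than replaced in place, and that doing so weakens the device's verified-boot guarantees.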
Note: the offsets above are valid only for the com.qti.chi.override.so shipped in build grus-user 10 QKQ1.190828.002 9.10.16 release-keys; check the build fingerprint (or hash the library) before applying them to any other firmware.
--- com.qti.chi.override_orig.so.txt 2020-07-20 14:36:50.464764482 +0800
+++ com.qti.chi.override.so_mi8se_fixed.txt 2020-07-20 22:40:48.202712179 +0800
@@ -1,5 +1,5 @@
-com.qti.chi.override_orig.so: file format elf32-littlearm
+com.qti.chi.override.so_mi8se_fixed: file format elf32-littlearm
Disassembly of section .note.android.ident:
@@ -182398,7 +182398,7 @@
81c52: 6f4a ldr r2, [r1, #116] ; 0x74
81c54: 9214 str r2, [sp, #80] ; 0x50
81c56: f000 fe5d bl 82914 <_ZdlPv@@Base+0x17a>
- 81c5a: f44f 62fa mov.w r2, #2000 ; 0x7d0
+ 81c5a: f04f 0200 mov.w r2, #0
81c5e: 9914 ldr r1, [sp, #80] ; 0x50
81c60: 9013 str r0, [sp, #76] ; 0x4c
81c62: 4608 mov r0, r1
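Review bot: Nothing on the page establishes what sub_82A24 (the condition-variable timed wait that, per the listing above, receives r2 as its timeout argument) does with the new value 0 set at 81c5a: if 0 means "no deadline", a buffer that is never returned turns a 2 s timeout into an unbounded block inside the camera HAL, and if it means an immediate deadline the wait degenerates to a poll that reports the timed-out code at once. Add a one-line comment at 81c5a such as `; 0 = wait without timeout in sub_82A24 -- verified on grus QKQ1.190828.002` (or the opposite finding) so the patch's behaviour is documented rather than assumed. The encodings check out: `f44f 62fa` is the rotated-immediate form of #0x7d0 and `f04f 0200` the plain #0 form, both 32-bit, so no following instruction shifts. The enclosing function (sub_81A44) starts before and ends after this hunk.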
Note: the addresses above are valid only for the com.qti.chi.override.so shipped in build grus-user 10 QKQ1.190828.002 9.10.16 release-keys; on any other build, locate the `mov.w r2, #2000` before the sub_82A24 call in sub_81A44 by disassembly rather than by offset.