Feature/rdkemw 8587 dlsym

[suppal045]

No description provided.

[Copilot]

Pull request overview

This PR refactors the dynamic library loading mechanism for device settings configuration to use a shared library handle instead of opening/closing the library multiple times. The changes introduce a centralized getDLInstance() and releaseDLInstance() pattern, and update all config loading methods to accept a handle parameter.

Key Changes

• Centralized dynamic library handle management with thread-safe singleton pattern
• Updated all config load methods to accept a void* pDLHandle parameter
• Added support for FrontPanelConfig in the initialization flow
• Removed the parse_opt_flag() function and associated delay logic

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
ds/manager.cpp	Added getDLInstance/releaseDLInstance functions, refactored searchConfigs to use provided handle, updated Initialize/load methods to pass handle to configs, removed parse_opt_flag function and delay logic
ds/include/manager.hpp	Updated searchConfigs declaration to include pDLHandle parameter, removed parse_opt_flag declaration
ds/videoOutputPortConfig.hpp	Updated load method signature to accept pDLHandle parameter
ds/videoOutputPortConfig.cpp	Refactored load to accept handle parameter, moved symbol search variables into conditional block, added dynamic vs old config loading logic
ds/videoDeviceConfig.hpp	Updated load method signature to accept pDLHandle parameter
ds/videoDeviceConfig.cpp	Refactored load to accept handle parameter, added dynamic vs old config loading logic
ds/audioOutputPortConfig.hpp	Updated load method signature to accept pDLHandle parameter
ds/audioOutputPortConfig.cpp	Refactored load to accept handle parameter, added dynamic vs old config loading logic
ds/include/frontPanelConfig.hpp	Moved load method from private to public, added m_isFPConfigLoaded member, updated load signature to accept pDLHandle
ds/frontPanelConfig.cpp	Removed load call from getInstance, added load validation checks with m_isFPConfigLoaded, refactored load to accept handle parameter and support dynamic/old config loading

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

In the FrontPanelConfig::load method, the check for pDLHandle uses a different null comparison pattern (pDLHandle without nullptr comparison) compared to other config files which consistently use "nullptr != pDLHandle". Consider using "nullptr != pDLHandle" for consistency with the rest of the codebase.

Suggested change

	if (pDLHandle)
	if (nullptr != pDLHandle)

[Copilot]

The explicit return statement at the end of a void function is unnecessary. Since this function returns void, the return statement at line 554 can be removed as the function will automatically return at its end.

Suggested change

return;

[Copilot]

The log message format for old config loading is inconsistent. In videoDeviceConfig.cpp line 164 it says "Read Old Configs" while other files (videoOutputPortConfig.cpp line 435, audioOutputPortConfig.cpp line 235, frontPanelConfig.cpp line 482) consistently use "Using OLD config loading". Consider updating this message to match the consistent pattern used elsewhere.

Suggested change

	INT_INFO("Read Old Configs\n");
	INT_INFO("Using OLD config loading\n");

[Copilot]

The getDLInstance function does not log or handle the error when dlopen fails. The old implementation would log the error message from dlerror(), but this new implementation only logs whether the handle is NULL or Valid. Consider logging the actual error message from dlerror() when dlopen fails to aid in debugging issues with loading the dynamic library.

[Copilot]

The Manager::load() method calls load for AudioOutputPortConfig, VideoOutputPortConfig, and VideoDeviceConfig, but does not call FrontPanelConfig::getInstance().load(pDLHandle). This is inconsistent with Manager::Initialize() which calls load on all four config classes including FrontPanelConfig. This inconsistency could lead to FrontPanelConfig not being properly loaded when Manager::load() is called.

Suggested change

	device::VideoDeviceConfig::getInstance().load(pDLHandle);
	device::VideoDeviceConfig::getInstance().load(pDLHandle);
	device::FrontPanelConfig::getInstance().load(pDLHandle);

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull request overview

Copilot reviewed 31 out of 31 changed files in this pull request and generated 22 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Missing error handling: The function doesn't check for dlopen failures. If pDLHandle is NULL (dlopen failed), the code will pass NULL to LoadDLSymbols, which will fail silently and fall back to static configurations. Consider logging dlerror() message when dlopen fails to help diagnose library loading issues.

Suggested change

	pDLHandle = dlopen(RDK_DSHAL_NAME, RTLD_LAZY);
	pDLHandle = dlopen(RDK_DSHAL_NAME, RTLD_LAZY);
	if (NULL == pDLHandle) {
	const char* dlErrMsg = dlerror();
	if (dlErrMsg != NULL) {
	INT_ERROR("Failed to load '%s': %s\n", RDK_DSHAL_NAME, dlErrMsg);
	} else {
	INT_ERROR("Failed to load '%s': unknown dlopen error\n", RDK_DSHAL_NAME);
	}
	}

[Copilot]

Undefined preprocessor macro: The code references DEBUG macro at line 38, but this macro is defined locally in this file. However, DEBUG is commonly a predefined macro in many build systems. Consider using a more specific name like DS_VIDEO_DEVICE_DEBUG to avoid conflicts.

Suggested change

	#define DEBUG 1 // Using for dumpconfig
	// Local debug flag for VideoDeviceConfig; avoid clobbering global DEBUG.
	#ifndef DS_VIDEO_DEVICE_DEBUG
	#define DS_VIDEO_DEVICE_DEBUG 1 // Using for dumpconfig
	#endif
	// Preserve existing behavior: only define DEBUG here if not provided by build system.
	#ifndef DEBUG
	#define DEBUG DS_VIDEO_DEVICE_DEBUG
	#endif

[Copilot]

Changed API signature: The dsEnableHDCP function call changed from passing a port type (dsVideoPortType_t) to passing a handle (intptr_t). This is a breaking API change that needs to be verified against the HAL library implementation. Ensure that the HAL library's dsEnableHDCP function signature matches this new usage.

[Copilot]

Spelling error in variable name: kVidoeResolutionsSettings should be kVideoResolutionsSettings (misspelled "Video" as "Vidoe"). This variable appears multiple times in this function.

[Copilot]

Unnecessary double semicolon at the end of the statement. Remove one semicolon.

[Copilot]

Debugging code left in production: The cout statements (lines 220-230, 260-267) appear to be debug code that should be removed or replaced with proper logging macros (INT_INFO/INT_DEBUG) for consistency with the rest of the codebase.

[Copilot]

API signature mismatch: The header file declares dsLoadVideoOutputPortConfig as returning void (line 53 of dsVideoPortConfig.h), but the implementation returns int. This inconsistency will cause compilation errors or undefined behavior.

[Copilot]

API signature mismatch: The header file declares dsLoadVideoDeviceConfig as returning void (line 48 of dsVideoDeviceConfig.h), but the implementation returns int. This inconsistency will cause compilation errors or undefined behavior.

[Copilot]

Potential race condition: The global static variable audioConfiguration is accessed and modified without any mutex protection. Multiple threads could potentially call dsLoadAudioOutputPortConfig or the getter functions concurrently, leading to data races. Consider adding mutex protection around accesses to this shared state.

[Copilot]

Potential double-free vulnerability: If dsLoadVideoOutputPortConfig is called multiple times, the previously allocated memory will be leaked before being replaced with new allocations. Additionally, there's no check to prevent double-initialization. Consider adding a flag to track initialization state and free existing memory before reallocating.

[Copilot]

Pull request overview

Copilot reviewed 41 out of 41 changed files in this pull request and generated 11 comments.

Comments suppressed due to low confidence (1)

rpc/srv/dsVideoPort.c:1968

• Potential NULL pointer dereference. If kVidoeResolutionsSettings is NULL (which can happen if dsGetVideoPortResolutions fails), the code will attempt to dereference it at line 1959 and in the loop at line 1963. Add a NULL check after line 1946.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Potential NULL pointer dereference in error path. If kVideoPortPorts is NULL (line 1708), the code continues to iterate over numPorts (line 1724) and dereference kVideoPortPorts[i] (line 1726), which would cause a crash. Add a NULL check before the loop.

[Copilot]

Potential NULL pointer dereference. If resolutions is NULL or defaultIndex is out of bounds, the code will attempt to access resolutions[defaultIndex].name which could crash. Add proper NULL and bounds checking before accessing the array.

[Copilot]

Typo in comment: "funcation" should be "function".

[Copilot]

Potential NULL pointer dereference. If kVidoeResolutionsSettings is NULL (which can happen if dsGetVideoPortResolutions fails), the code will attempt to dereference it at line 623 and line 630. Add a NULL check after line 598 before using the pointer.

[Copilot]

Potential NULL pointer dereference. If kVideoPortPorts is NULL (which can happen if dsGetVideoPortPortConfigs fails), the code will attempt to dereference it in the loop at line 684. Add a NULL check after line 668.

[Copilot]

Spelling error: "kVidoeResolutionsSettings" should be "kVideoResolutionsSettings" (missing 'i' in "Video"). This variable name appears multiple times and should be corrected for consistency.

[Copilot]

Potential NULL pointer dereference. If kAudioPorts is NULL (which can happen if dsGetAudioPortConfigs fails), the code will attempt to dereference it in the loop at line 3804. Add a NULL check after line 3800.

[Copilot]

Inconsistent member initialization order. The member _dfc is initialized in the initializer list, but _handle is assigned in the constructor body. For consistency and to avoid potential issues with initialization order, consider initializing all members in the initializer list or all in the constructor body. Note that the original code didn't initialize _dfc at all, so this change is adding initialization.

[Copilot]

Potential NULL pointer dereference. If kVideoPortPorts is NULL (which can happen if dsGetVideoPortPortConfigs fails to retrieve data), the code will attempt to dereference it in the loop at line 2452. Add a NULL check after line 2436.

[Copilot]

The NULL check uses C-style nullptr in a C file. In C, NULL should be used instead of nullptr, which is a C++ keyword.

[Copilot]

Pull request overview

Copilot reviewed 41 out of 41 changed files in this pull request and generated 12 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

allocateAndCopyAudioConfigs() does a raw memcpy() of dsAudioTypeConfig_t. Those structs contain pointer fields (e.g., name, encodings, compressions, stereoModes in the existing configs), and dsLoadConfigs() closes the HAL dlopen() handle after loading. That makes these pointers dangle (use-after-dlclose) when the configs are later consumed. Deep-copy all pointer members (and any pointed-to arrays) into DSMgr-owned memory, or keep the HAL library loaded for the lifetime of the copied configs.

[Copilot]

The error cleanup path attempts to free(videoPortConfiguration.pKVideoPortResolutionsSettings[i].name), but this file explicitly documents that dsVideoPortResolution_t::name is a fixed array (see the comment in allocateAndCopyVideoPortResolutions()), not heap memory. This would be an invalid free if the loop ever runs. Remove the per-element free and only free(pKVideoPortResolutionsSettings) (and make sure kResolutionsSettings_size is set before using it for cleanup).

[Copilot]

This second cleanup block also calls free(videoPortConfiguration.pKVideoPortResolutionsSettings[i].name), but dsVideoPortResolution_t::name is treated as a fixed array elsewhere in this file. This would be an invalid free. Only free the containing pKVideoPortResolutionsSettings allocation (and do not attempt to free name).

[Copilot]

dsVideoPortConfigFree() frees only the top-level arrays but never frees the per-entry heap allocations created earlier (strdup() for dsVideoPortTypeConfig_t::name and dsVideoPortPortConfig_t::defaultResolution). This leaks memory every time configs are loaded/freed. Free those duplicated strings (iterate the arrays) before freeing the arrays themselves.

[Copilot]

videoDeviceDumpconfig() uses access() but this file does not include a header that declares it (e.g., <unistd.h>). Since the build compiles *.c with $(CXX), this is typically a compile error. Add the proper include in this file.

[Copilot]

getSupportedResolutions() iterates _supportedResolutions without holding gSupportedResolutionsMutex, while other code updates _supportedResolutions under that mutex. This introduces a data race and potential iterator invalidation/crash. Take the same mutex while copying _supportedResolutions into tmpsupportedResolutions (or provide a thread-safe snapshot accessor).

Suggested change

	for (const VideoResolution& resolution : _supportedResolutions) {
	tmpsupportedResolutions.push_back(resolution);
	{
	std::lock_guard<std::mutex> lock(gSupportedResolutionsMutex);
	for (const VideoResolution& resolution : _supportedResolutions) {
	tmpsupportedResolutions.push_back(resolution);
	}

[Copilot]

When a log callback is registered (logCb != nullptr), ds_log() forwards only the formatted message string and drops fileName, lineNum, and func. Since the logging macros now always supply this metadata, callback users will lose critical context. Consider including the same prefix in the string passed to logCb (consistent with the stderr path).

Suggested change

	logCb(priority, formatted);
	char fullMsg[MAX_LOG_BUFF] = {'\0'};
	snprintf(fullMsg,
	sizeof(fullMsg),
	"[DS][%d] %s [%s:%d] %s: %s",
	(int)syscall(SYS_gettid),
	levelMap[static_cast<int>(priority)],
	fileName,
	lineNum,
	func,
	formatted);
	logCb(priority, fullMsg);

[Copilot]

On strdup failure cleanup, the code sets videoPortConfiguration.pKVideoPortConfigs[j].name = "NULL" after freeing. Assigning a string literal here makes the pointer non-NULL but not owned, which is error-prone (and can lead to freeing a literal if future cleanup code is added). Prefer setting it to NULL after free().

[Copilot]

Manager::Initialize() increments IsInitialized under the mutex before performing the one-time initialization work. A second thread entering Initialize() while the first is still initializing will see IsInitialized != 0, skip initialization (needInit == false), and return even though the system may not be ready yet. Consider holding the lock until initialization completes, or introduce a separate "initialization in progress/complete" state (e.g., std::once_flag / call_once, or a condition variable) so other threads block until the first initialization finishes successfully.

[Copilot]

_supportedResolutions and _originalSupportedResolutions are exposed as public mutable members. This breaks encapsulation and makes it easy to bypass the existing mutex protection (gSupportedResolutionsMutex), which can lead to data races (as already happens elsewhere). Prefer keeping these vectors private and exposing a const, thread-safe accessor (e.g., returns a copy/snapshot or a const& guarded by internal locking).

[Copilot]

Pull request overview

Copilot reviewed 41 out of 41 changed files in this pull request and generated 7 comments.

Comments suppressed due to low confidence (2)

rpc/srv/dsDisplay.c:586

• filterEDIDResolution allocates edidData but never checks whether malloc succeeded. Also the current NULL check is on edid (with a comment about malloc failure), so a NULL edidData would still be dereferenced by memset/memcpy_s, leading to a crash. Add an explicit if (edidData == NULL) guard (and keep the edid == NULL guard separately).
  rpc/srv/dsVideoPort.c:1973
• getPixelResolution() overwrites Resn on every loop iteration and always returns Resn->pixelResolution after the loop. If resolution does not match any entry, this returns the last resolution’s pixelResolution rather than the default/fallback resolution, which is incorrect behavior. Track whether a match was found and return the default when not found.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

dsGetDefaultPortHandle() returns NULL on error, but the return type is intptr_t (an integer type). Returning 0 (or NULL_HANDLE) is clearer and avoids pointer/integer mismatch warnings.

[Copilot]

This file uses access(..., F_OK) but does not include <unistd.h>, which can trigger implicit-declaration warnings (or build failures under stricter flags). Include <unistd.h> (and any needed feature macros) where access is used.

[Copilot]

Manager::Initialize() increments IsInitialized and allows subsequent callers to return immediately (needInit == false) even while the first thread is still performing initialization. That creates a race where clients observe the manager as “initialized” before init completes. Consider using std::call_once, or keep a separate “initializing/initialized” state with a condition variable so other threads wait for completion (and only increment the refcount after successful init).

[Copilot]

initializeFunctionWithRetry() retries unconditionally for any error code. This can add ~2.5s delay on permanent failures (e.g., NOT_SUPPORTED, INVALID_PARAM) and makes failures slower to surface. If the intent is only to wait for service readiness, limit retries to dsERR_INVALID_STATE (or a clearly defined retryable set) and fail fast for other errors.

[Copilot]

ds_log() indexes levelMap with priority without validating the value. If an out-of-range value is ever passed (e.g., from external callbacks), this becomes an out-of-bounds read. Add a bounds check (and/or clamp to a default string) and remove the redundant inner enum LogLevel declaration to avoid confusion/shadowing.

[Copilot]

enabledHDCP() treats -1 as an invalid handle, but elsewhere in the codebase NULL_HANDLE is defined as 0 for intptr_t handles. If dsGetVideoPort() returns 0 on failure, this check would incorrectly treat it as valid. Prefer initializing to 0 and validating against 0/NULL_HANDLE (or use the HAL-defined invalid-handle contract).

Suggested change

	intptr_t handle = -1;
	// Assuming isHDMIOutPortPresent() will only be 'true' for Source devices
	dsVideoPortType_t portType = device::Host::getInstance().isHDMIOutPortPresent()
	? dsVIDEOPORT_TYPE_HDMI
	: dsVIDEOPORT_TYPE_INTERNAL;
	ret = dsGetVideoPort(portType, 0, &handle);
	if ((ret == dsERR_NONE) && (handle != -1)) {
	intptr_t handle = 0;
	// Assuming isHDMIOutPortPresent() will only be 'true' for Source devices
	dsVideoPortType_t portType = device::Host::getInstance().isHDMIOutPortPresent()
	? dsVIDEOPORT_TYPE_HDMI
	: dsVIDEOPORT_TYPE_INTERNAL;
	ret = dsGetVideoPort(portType, 0, &handle);
	if ((ret == dsERR_NONE) && (handle != 0)) {

[Copilot]

getAudioPortHandle() returns NULL but the return type is intptr_t. Return 0 (or a named invalid-handle constant) to avoid pointer/integer mismatch and make the invalid-handle semantics explicit.

[Copilot]

Pull request overview

Copilot reviewed 41 out of 41 changed files in this pull request and generated 3 comments.

Comments suppressed due to low confidence (1)

rpc/srv/dsDisplay.c:586

• edidData is allocated with malloc() but the subsequent NULL-check tests edid instead of edidData. If malloc fails, this will dereference NULL in the following memset/memcpy_s. Check edidData == NULL (and return early) before using it.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

initializeFunctionWithRetry is forward-declared as static (internal linkage) but defined later without static, which will fail to compile due to mismatched linkage. Make the definition static as well, or drop the static from the forward declaration (and keep only one consistent declaration/definition).

Suggested change

	static dsError_t initializeFunctionWithRetry(const char* functionName, std::function<dsError_t()> initFunc);
	dsError_t initializeFunctionWithRetry(const char* functionName, std::function<dsError_t()> initFunc);

[Copilot]

connectedVOPs is being deep-copied as a single dsVideoPortPortId_t, but in the existing static configs it's an array (e.g. connectedVOPs[...][dsVIDEOPORT_TYPE_MAX]). This will truncate the data and can lead to out-of-bounds reads when code expects the full array. Allocate/copy the full array size (or introduce/consume an explicit length field) instead of assuming a single element.

[Copilot]

getAudioPortHandle() returns intptr_t but returns NULL on failure. Return 0 (or a dedicated invalid-handle value) to avoid pointer-to-integer conversion warnings and make the failure value explicit.

Suggested change

	cout << " Exception Thrown in getAudioPortHandle().. returning NULL...: " << e.what() << "\n";
	}
	return NULL;
	cout << " Exception Thrown in getAudioPortHandle().. returning 0 (invalid handle)...: " << e.what() << "\n";
	}
	return 0;

[Copilot]

Pull request overview

Copilot reviewed 42 out of 42 changed files in this pull request and generated 3 comments.

Comments suppressed due to low confidence (1)

ds/frontPanelConfig.cpp:103

• FrontPanelConfig::getInstance() now initializes the HAL but no longer loads the static/dynamic indicator/textDisplay configs, so _indicators/_textDisplays remain empty and subsequent getIndicator/getTextDisplay calls will throw "Bad indicator name". Either restore a load step after successful dsFPInit (for the static default) or make accessors fail with a clear "config not loaded" error until load() is called.

            errorCode = dsFPInit();
            if (dsERR_NONE == errorCode)
            {
                _singleton.m_isFPInitialized = true;
                INT_INFO("dsFPInit success\n");
            }
            else{
                INT_ERROR("dsFPInit failed with error[%d]. Retrying... (%d/20)\n", errorCode, retryCount);
                usleep(50000); // Sleep for 50ms before retrying

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Making _originalSupportedResolutions a public mutable member exposes internal state and lets callers modify the config cache (and bypass locking). Prefer keeping it private and exposing a const accessor (e.g., getOriginalSupportedResolutions() returning const std::vector<VideoResolution>&).

[Copilot]

dsGetDefaultPortHandle() returns NULL on error even though the return type is intptr_t. Since callers treat this as a handle and don't check for failure in some paths, returning 0 can lead to HAL calls with an invalid handle. Prefer returning an explicit invalid sentinel (e.g., -1) and updating call sites to guard against it, or propagate the error to the caller instead of returning a handle.

[Copilot]

When a log callback is registered, ds_log forwards only the formatted message to logCb and drops the level + file/line/function context that callers expect from the INT_* macros. This is a functional regression for callback consumers; consider building the full prefixed message (including level + [file:line] func) and passing that to the callback too. Also, levelMap[static_cast<int>(priority)] has no bounds check, so an invalid priority can read out of bounds; clamp/validate before indexing.