From d8f17c54eb2de73c14057614cf9e1df5dbe4d832 Mon Sep 17 00:00:00 2001 From: Alec Mouri Date: Thu, 21 Jul 2022 18:43:10 +0000 Subject: Fail gracefully when allocating screenshot buffers Some devices have limited protected memory, and over-allocate buffers in the decoder during DRM playback of high resolution content. The decoder is able to fail gracefully, but SurfaceFlinger is stricter, causing the device to crash. More generally, SurfaceFlinger should not be so strict, because a malicious app could intentionally allocate many buffers and cause the system to crash. So, fail gracefully instead to prevent the entire system from falling over. Bug: 236200340 Test: 4K DRM playback Change-Id: Ia0018974fffc753342f78917ede0b67faa94916b --- services/surfaceflinger/SurfaceFlinger.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp index 6a17cd8881..d6f665aa5d 100644 --- a/services/surfaceflinger/SurfaceFlinger.cpp +++ b/services/surfaceflinger/SurfaceFlinger.cpp @@ -6620,8 +6620,13 @@ ftl::SharedFuture SurfaceFlinger::captureScreenCommon( 1 /* layerCount */, usage, "screenshot"); const status_t bufferStatus = buffer->initCheck(); - LOG_ALWAYS_FATAL_IF(bufferStatus != OK, "captureScreenCommon: Buffer failed to allocate: %d", - bufferStatus); + if (bufferStatus != OK) { + // Animations may end up being really janky, but don't crash here. + // Otherwise an irreponsible process may cause an SF crash by allocating + // too much. + ALOGE("%s: Buffer failed to allocate: %d", __func__, bufferStatus); + return ftl::yield(base::unexpected(bufferStatus)).share(); + } const std::shared_ptr texture = std::make_shared< renderengine::impl::ExternalTexture>(buffer, getRenderEngine(), renderengine::impl::ExternalTexture::Usage:: -- cgit v1.2.3-59-g8ed1b