From 65d9f6d63ab3bad1d835df14c662028a748eb3c5 Mon Sep 17 00:00:00 2001
From: Pablo Ceballos
Date: Wed, 4 May 2016 13:59:35 -0700
Subject: libgui: Prevent segfaulting in abandoned ConsumerBase
mConsumer will be null if the ConsumerBase has been abandoned. Prevent it from being dereferenced in those cases.
Bug 27718219
Change-Id: I9a3ecadb0655ec61cd2fd15ee98b3e1bef078cff
---
 libs/gui/ConsumerBase.cpp | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'libs/gui/ConsumerBase.cpp')
diff --git a/libs/gui/ConsumerBase.cpp b/libs/gui/ConsumerBase.cpp
index 2187e5e8eb..a6a971282e 100644
--- a/libs/gui/ConsumerBase.cpp
+++ b/libs/gui/ConsumerBase.cpp
@@ -163,6 +163,10 @@ void ConsumerBase::abandon() {
 void ConsumerBase::abandonLocked() {
 CB_LOGV("abandonLocked");
+ if (mAbandoned) {
+ CB_LOGE("abandonLocked: ConsumerBase is abandoned!");
+ return;
+ }
 for (int i =0; i < BufferQueue::NUM_BUFFER_SLOTS; i++) {
 freeBufferLocked(i);
 }
@@ -187,6 +191,11 @@ status_t ConsumerBase::detachBuffer(int slot) {
 CB_LOGV("detachBuffer");
 Mutex::Autolock lock(mMutex);
+ if (mAbandoned) {
+ CB_LOGE("detachBuffer: ConsumerBase is abandoned!");
+ return NO_INIT;
+ }
+
 status_t result = mConsumer->detachBuffer(slot);
 if (result != NO_ERROR) {
 CB_LOGE("Failed to detach buffer: %d", result);
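Review bot: The `CB_LOGE` in the new `abandonLocked` guard reports a repeated abandon as an error, although the early `return` that follows makes the repeat harmless. With this change the call is idempotent, so an error-level line for it is noise for whoever triages the log and can hide the entries that matter. A lower level would fit the idempotent case, e.g. `CB_LOGV("abandonLocked: already abandoned");`. The body of abandonLocked continues outside the hunk.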
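Review bot: The guard added at the top of `detachBuffer` tests `mAbandoned`, while the crash it prevents is the `mConsumer->detachBuffer(slot)` dereference just below it, so it is only as strong as the invariant that `mConsumer` is cleared exactly when `mAbandoned` is set. That invariant is stated in the commit message but is not visible in these hunks; a comment at the guard such as `// mConsumer is cleared once mAbandoned is set; it must not be dereferenced past this point` would record it. The same four lines are repeated in the three `setDefaultBuffer*` setters, `acquireBufferLocked` and `releaseBufferLocked`, and any other method that dereferences `mConsumer` outside this diff would need the same check. The body of detachBuffer continues outside the hunk.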
@@ -200,17 +209,29 @@ status_t ConsumerBase::detachBuffer(int slot) {
 status_t ConsumerBase::setDefaultBufferSize(uint32_t width, uint32_t height) {
 Mutex::Autolock _l(mMutex);
+ if (mAbandoned) {
+ CB_LOGE("setDefaultBufferSize: ConsumerBase is abandoned!");
+ return NO_INIT;
+ }
 return mConsumer->setDefaultBufferSize(width, height);
 }
 status_t ConsumerBase::setDefaultBufferFormat(PixelFormat defaultFormat) {
 Mutex::Autolock _l(mMutex);
+ if (mAbandoned) {
+ CB_LOGE("setDefaultBufferFormat: ConsumerBase is abandoned!");
+ return NO_INIT;
+ }
 return mConsumer->setDefaultBufferFormat(defaultFormat);
 }
 status_t ConsumerBase::setDefaultBufferDataSpace(
 android_dataspace defaultDataSpace) {
 Mutex::Autolock _l(mMutex);
+ if (mAbandoned) {
+ CB_LOGE("setDefaultBufferDataSpace: ConsumerBase is abandoned!");
+ return NO_INIT;
+ }
 return mConsumer->setDefaultBufferDataSpace(defaultDataSpace);
 }
@@ -233,6 +254,11 @@ void ConsumerBase::dumpLocked(String8& result, const char* prefix) const {
 status_t ConsumerBase::acquireBufferLocked(BufferItem *item, nsecs_t presentWhen, uint64_t maxFrameNumber) {
+ if (mAbandoned) {
+ CB_LOGE("acquireBufferLocked: ConsumerBase is abandoned!");
+ return NO_INIT;
+ }
+
 status_t err = mConsumer->acquireBuffer(item, presentWhen, maxFrameNumber);
 if (err != NO_ERROR) {
 return err;
@@ -289,6 +315,10 @@ status_t ConsumerBase::addReleaseFenceLocked(int slot,
 status_t ConsumerBase::releaseBufferLocked(
 int slot, const sp graphicBuffer, EGLDisplay display, EGLSyncKHR eglFence) {
+ if (mAbandoned) {
+ CB_LOGE("releaseBufferLocked: ConsumerBase is abandoned!");
+ return NO_INIT;
+ }
 // If consumer no longer tracks this graphicBuffer (we received a new
 // buffer on the same slot), the buffer producer is definitely no longer
 // tracking it.
-- cgit v1.2.3-59-g8ed1b
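Review bot: `acquireBufferLocked` reads `mAbandoned` without taking `mMutex` in the visible lines, unlike `detachBuffer` and the `setDefaultBuffer*` setters, which construct a `Mutex::Autolock` before the same check. The `Locked` suffix suggests the caller already holds the mutex, but nothing in the hunk states it, and a caller that skips the lock could read the flag while another thread is abandoning the consumer. A comment above the guard would make the precondition explicit, e.g. `// Caller must hold mMutex; mAbandoned and mConsumer are only read under it.` The same applies to the guards in `releaseBufferLocked` and `abandonLocked`. The body of acquireBufferLocked continues outside the hunk.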
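Review bot: In `releaseBufferLocked` the new `return NO_INIT;` sits ahead of the check described by the comment that follows it, so a release after abandonment is now reported as an error even for a buffer the consumer no longer tracks. The code after that comment is outside the hunk; if it returns success for an untracked buffer, as the comment suggests, callers in the teardown path now see `NO_INIT` instead of success. Callers that propagate or log a failed release should be checked, or the guard moved to just before the first `mConsumer` dereference.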