From 0e24a8385a63be6a799da902e1d5ffcbb7519c2a Mon Sep 17 00:00:00 2001 From: Marissa Wall Date: Wed, 10 Jul 2019 15:32:50 -0700 Subject: blast: fix leak on BufferStateLayer death SurfaceFlinger can occasionally leak graphic buffers. The leak happens when: 1) a transaction comes in and is placed in a queue 2) Chrome crashes 3) the parent layer is cleaned up 4) the child layer is told to release its buffer because it is no longer on screen 5) the transaction is applied which sets a callback handle on the layer which has a sp<> to the layer To fix this, the callback handle should not have a sp<> to layer. It is safe for the callback handle to have wp<> to the layer. The client side has a sp<> so during normal operation, SurfaceFlinger can promote the wp<>. The only time the promote will fail is if the client side is dead. If the client side is dead, there is no one to send a callback to so it doesn't matter if the promote fails. Bug: 135951943 Test: https://buganizer.corp.google.com/issues/135951943#comment34 Change-Id: I756ace14c90b03a6499a3187d235b42d91cdd05a --- services/surfaceflinger/TransactionCompletedThread.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'services/surfaceflinger/TransactionCompletedThread.h') diff --git a/services/surfaceflinger/TransactionCompletedThread.h b/services/surfaceflinger/TransactionCompletedThread.h index 21e2678701..e849f714d0 100644 --- a/services/surfaceflinger/TransactionCompletedThread.h +++ b/services/surfaceflinger/TransactionCompletedThread.h @@ -49,7 +49,7 @@ public: sp listener; std::vector callbackIds; - sp surfaceControl; + wp surfaceControl; bool releasePreviousBuffer = false; sp previousReleaseFence; -- cgit v1.2.3-59-g8ed1b
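Review bot: On the `+ wp surfaceControl;` line, the field now needs a promote() before every use, but the patch changes only this header (1 file changed), so none of the readers of `surfaceControl` are visible here. Please confirm that each one promotes to a local sp<>, checks the result for null, and skips the callback work when promotion fails, which the commit message says happens only when the client side is dead. A short comment on the member stating that it is deliberately weak, so that a queued callback handle cannot keep a dead layer and its buffer alive, would stop a later cleanup from turning it back into sp<>.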