Commit 9696bd32 authored by Shibin George

Check if mSurface is valid before create SurfaceSession

If mSurface has already been released in another thread,
this would result in a null-pointer dereference in
SurfaceSession constructor, i.e. in nativeCreateScoped().

7757  7757 F DEBUG   : pid: 1402, tid: 1583, name: android.anim  >>> system_server <<<
7757  7757 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xd0
7757  7757 F DEBUG   : Cause: null pointer dereference
... <trimmed>
7757  7757 F DEBUG   : backtrace:
7757  7757 F DEBUG   :     #00 pc 000000000007fe58  /system/lib64/libgui.so (android::Surface::getIGraphicBufferProducer() const)
7757  7757 F DEBUG   :     #01 pc 00000000000ff000  /system/lib64/libandroid_runtime.so (android::nativeCreateScoped(_JNIEnv*, _jclass*, long)+52)
7757  7757 F DEBUG   :     #02 pc 0000000000ac8968  /system/framework/arm64/boot-framework.oat (offset 0x614000) (android.content.res.XmlBlock.nativeCreateParseState [DEDUPED]+152)
7757  7757 F DEBUG   :     #03 pc 0000000001327d24  /system/framework/arm64/boot-framework.oat (offset 0x614000) (android.view.SurfaceSession.<init>+52)
7757  7757 F DEBUG   :     #04 pc 00000000014b7320  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.drawSizeMismatchSnapshot+128)
7757  7757 F DEBUG   :     #05 pc 00000000014b784c  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.drawSnapshot+188)
7757  7757 F DEBUG   :     #06 pc 00000000014b6f2c  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.create+2684)
7757  7757 F DEBUG   :     #07 pc 00000000014b0158  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotController.createStartingSurface+72)
7757  7757 F DEBUG   :     #08 pc 00000000014a5ca0  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.SnapshotStartingData.createStartingSurface+96)
7757  7757 F DEBUG   :     #09 pc 000000000144b030  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.AppWindowContainerController.lambda$-com_android_server_wm_AppWindowContainerController_4735+496)
... <trimmed>

Bug: 74129970

Change-Id: I41268c7680d3885c85fc3b682d0eba7415674062
parent 73200d9a