Commit 9696bd32 authored by Shibin George

Check if mSurface is valid before create SurfaceSession

If mSurface has already been released in another thread,
this would result in a null-pointer dereference in
SurfaceSession constructor i.e. in nativeCreateScoped().

7757  7757 F DEBUG   : pid: 1402, tid: 1583, name: android.anim  >>> system_server <<<
7757  7757 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xd0
7757  7757 F DEBUG   : Cause: null pointer dereference
... <trimmed>
7757  7757 F DEBUG   : backtrace:
7757  7757 F DEBUG   :     #00 pc 000000000007fe58  /system/lib64/libgui.so (android::Surface::getIGraphicBufferProducer() const)
7757  7757 F DEBUG   :     #01 pc 00000000000ff000  /system/lib64/libandroid_runtime.so (android::nativeCreateScoped(_JNIEnv*, _jclass*, long)+52)
7757  7757 F DEBUG   :     #02 pc 0000000000ac8968  /system/framework/arm64/boot-framework.oat (offset 0x614000) (android.content.res.XmlBlock.nativeCreateParseState [DEDUPED]+152)
7757  7757 F DEBUG   :     #03 pc 0000000001327d24  /system/framework/arm64/boot-framework.oat (offset 0x614000) (android.view.SurfaceSession.<init>+52)
7757  7757 F DEBUG   :     #04 pc 00000000014b7320  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.drawSizeMismatchSnapshot+128)
7757  7757 F DEBUG   :     #05 pc 00000000014b784c  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.drawSnapshot+188)
7757  7757 F DEBUG   :     #06 pc 00000000014b6f2c  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.create+2684)
7757  7757 F DEBUG   :     #07 pc 00000000014b0158  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotController.createStartingSurface+72)
7757  7757 F DEBUG   :     #08 pc 00000000014a5ca0  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.SnapshotStartingData.createStartingSurface+96)
7757  7757 F DEBUG   :     #09 pc 000000000144b030  /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.AppWindowContainerController.lambda$-com_android_server_wm_AppWindowContainerController_4735+496)
... <trimmed>

Bug: 74129970

Change-Id: I41268c7680d3885c85fc3b682d0eba7415674062
parent 73200d9a
+3 −0
@@ -301,6 +301,9 @@ class TaskSnapshotSurface implements StartingSurface {
    }

    private void drawSizeMismatchSnapshot(GraphicBuffer buffer) {
        if (!mSurface.isValid()) {
            throw new IllegalStateException("mSurface does not hold a valid surface.");
        }
        final SurfaceSession session = new SurfaceSession(mSurface);

        // Keep a reference to it such that it doesn't get destroyed when finalized.
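
Review bot: The `mSurface.isValid()` check at the top of drawSizeMismatchSnapshot and the `new SurfaceSession(mSurface)` call right after it are two separate steps, and the visible lines show no lock around them, so a release of mSurface on another thread (the case the commit message describes) can still land between the check and the constructor and reach the same native dereference. Consider performing the check and the session creation under the lock the release path takes. Separately, the added `throw new IllegalStateException(...)` runs on the android.anim thread of system_server per the backtrace; unless a caller catches it, the SIGSEGV is only traded for an uncaught Java exception, so returning early with a log line may be the safer outcome, and the method should document what surface state callers must guarantee.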