Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 87e94cd1 authored by Christopher Ferris's avatar Christopher Ferris
Browse files

Fix use of invalid iterator. 

The code grabbed an iterator to a slot, but eventually does an erase
of the iterator. Unfortunately, the code then attempts to use this
invalid iterator which can introduce subtle crashes by putting a
garbage value on the free buffer list.

Bug: 28351886
Change-Id: I42a4431b182cee4de829f15fa4ddc175a3d141f7
parent 2ee735c9

libs/gui/BufferQueueProducer.cpp

+4 −1
Original line number Diff line number Diff line
@@ -1280,11 +1280,14 @@ void BufferQueueProducer::allocateBuffers(uint32_t width, uint32_t height, 


                // freeBufferLocked puts this slot on the free slots list. Since

                // we then attached a buffer, move the slot to free buffer list.

                mCore->mFreeSlots.erase(slot);

                mCore->mFreeBuffers.push_front(*slot);



                BQ_LOGV("allocateBuffers: allocated a new buffer in slot %d",

                        *slot);



                // Make sure the erase is done after all uses of the slot

                // iterator since it will be invalid after this point.

                mCore->mFreeSlots.erase(slot);

            }



            mCore->mIsAllocating = false;