Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d1b330de authored by Jamie Gennis's avatar Jamie Gennis
Browse files

SurfaceTexture: fix an out of bounds array write 

This change fixes an issue causing the mEglContext member of a SurfaceTexture
to get incorrectly zeroed out.  This would happen when a call to
ConsumerBase::releaseBufferLocked resulted in the current buffer being freed.
Freeing the current buffer would set SurfaceTexture::mCurrentTexture to -1,
which would then be used by SurfaceTexture::releaseBufferLocked to reset the
current slot's EGLSyncKHR to EGL_NO_SYNC_KHR (= 0).  This would overwrite the
mEglContext field, resulting in context mismatch errors in
SurfaceTexture::doGLFenceWaitLocked.

The fix is to simply use the buffer slot that's passed in to
SurfaceTexture::releaseBufferLocked rather than mCurrentTexture.

Change-Id: I0e5e2bd88fcbb354c35a3744f317716fff3e0e41
parent aaf421c4

libs/gui/SurfaceTexture.cpp

+1 −1
Original line number Original line Diff line number Diff line
@@ -200,7 +200,7 @@ status_t SurfaceTexture::releaseBufferLocked(int buf, EGLDisplay display, 
    status_t err = ConsumerBase::releaseBufferLocked(buf, mEglDisplay,

    status_t err = ConsumerBase::releaseBufferLocked(buf, mEglDisplay,

           eglFence);

           eglFence);





    mEglSlots[mCurrentTexture].mEglFence = EGL_NO_SYNC_KHR;

    mEglSlots[buf].mEglFence = EGL_NO_SYNC_KHR;





    return err;

    return err;

}

}