surfaceflinger: fix a nullptr dereference

When the child layer latched a buffer but the fixed-size parent
layer never did (for reasons such as no buffer queued or buffer got
rejected), we could end up with p->mActiveBuffer being nullptr.

Bug: 62996512
Test: manual (I could never repro anyway)
Change-Id: Id7e4c7037633b8a37039baa6e8a306e55170b894
(cherry picked from commit 0a68b461d382304ae438fa8b52920fa75d178a1c)

diff --git a/services/surfaceflinger/Layer.cpp b/services/surfaceflinger/Layer.cpp
index 88a5bd4..2305206 100644 (file)
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -2682,7 +2682,7 @@ Transform Layer::getTransform() const {
         // for in the transform. We need to mirror this scaling in child surfaces
         // or we will break the contract where WM can treat child surfaces as
         // pixels in the parent surface.
-        if (p->isFixedSize()) {
+        if (p->isFixedSize() && p->mActiveBuffer != nullptr) {
             int bufferWidth;
             int bufferHeight;
             if ((p->mCurrentTransform & NATIVE_WINDOW_TRANSFORM_ROT_90) == 0) {