gralloc1: Acquire mutex early in release

Due race condition between release and retain calls, retain return stale handle.
Which results in crash in SurfaceFlinger.
Fix crash by acquiring mutex early in release function.

Bug: 32384569
Change-Id: I9130f5864a53ef208dc1ad8ecf698f1847548285

diff --git a/libs/ui/Gralloc1On0Adapter.cpp b/libs/ui/Gralloc1On0Adapter.cpp
index d5b88de..ec7df31 100644 (file)
--- a/libs/ui/Gralloc1On0Adapter.cpp
+++ b/libs/ui/Gralloc1On0Adapter.cpp
@@ -288,6 +288,7 @@ gralloc1_error_t Gralloc1On0Adapter::allocateWithIdHook(
 gralloc1_error_t Gralloc1On0Adapter::retain(
         const std::shared_ptr<Buffer>& buffer)
 {
+    std::lock_guard<std::mutex> lock(mBufferMutex);
     buffer->retain();
     return GRALLOC1_ERROR_NONE;
 }
@@ -295,6 +296,7 @@ gralloc1_error_t Gralloc1On0Adapter::retain(
 gralloc1_error_t Gralloc1On0Adapter::release(
         const std::shared_ptr<Buffer>& buffer)
 {
+    std::lock_guard<std::mutex> lock(mBufferMutex);
     if (!buffer->release()) {
         return GRALLOC1_ERROR_NONE;
     }
@@ -314,7 +316,6 @@ gralloc1_error_t Gralloc1On0Adapter::release(
         }
     }
 
-    std::lock_guard<std::mutex> lock(mBufferMutex);
     mBuffers.erase(handle);
     return GRALLOC1_ERROR_NONE;
 }