From 0a68b461d382304ae438fa8b52920fa75d178a1c Mon Sep 17 00:00:00 2001
From: Chia-I Wu
Date: Tue, 18 Jul 2017 11:30:05 -0700
Subject: [PATCH] surfaceflinger: fix a nullptr dereference

When the child layer latched a buffer but the fixed-size parent layer never did (for reasons such as no buffer queued or buffer got rejected), we could end up with p->mActiveBuffer being nullptr.

Bug: 62996512
Test: manual (I could never repro anyway)
Change-Id: Id7e4c7037633b8a37039baa6e8a306e55170b894
---
 services/surfaceflinger/Layer.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/surfaceflinger/Layer.cpp b/services/surfaceflinger/Layer.cpp
index 273f194701..05975560aa 100755
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -2694,7 +2694,7 @@ Transform Layer::getTransform() const {
 // for in the transform. We need to mirror this scaling in child surfaces
 // or we will break the contract where WM can treat child surfaces as
 // pixels in the parent surface.
- if (p->isFixedSize()) {
+ if (p->isFixedSize() && p->mActiveBuffer != nullptr) {
 int bufferWidth;
 int bufferHeight;
 if ((p->mCurrentTransform & NATIVE_WINDOW_TRANSFORM_ROT_90) == 0) {
-- 
2.11.0
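Review bot: The new `p->mActiveBuffer != nullptr` condition in `Layer::getTransform()` silently skips the parent-scaling step, and nothing in the hunk records that this is intentional, even though the comment directly above says the scaling must be mirrored or the WM contract breaks. I would add a line before the `if`, for example `// The parent may not have latched a buffer yet (none queued, or it was rejected); skip the scaling rather than dereference a null mActiveBuffer.` The commit message says the crash was never reproduced, so a regression test in which the child latches a buffer and the fixed-size parent does not would confirm this guard covers the reported path. The body that uses the buffer dimensions continues outside the hunk, so it is worth checking that no later statement in that block reads `p->mActiveBuffer` through a different path.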