From adf51bac81fa28637d00227a44d7b20ea035980a Mon Sep 17 00:00:00 2001
From: Pablo Ceballos
Date: Thu, 5 May 2016 13:49:03 -0700
Subject: [PATCH] BQ: Fix segfault in dump()

When dequeueBuffer() is called we put the slot in mActiveBuffers, then don't hold the BufferQueue lock while allocation occurs. So a slot might be in mActiveBuffers but not have a buffer attached yet. Prevent the dump function from segfaulting in this case.

Bug 27128710
Change-Id: Ie1480c0f9b2544554fc3281045e55ad30605e6ec
---
 libs/gui/BufferQueueCore.cpp | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/libs/gui/BufferQueueCore.cpp b/libs/gui/BufferQueueCore.cpp
index 052de3dfe3..ba34eb6695 100644
--- a/libs/gui/BufferQueueCore.cpp
+++ b/libs/gui/BufferQueueCore.cpp
@@ -130,11 +130,18 @@ void BufferQueueCore::dump(String8& result, const char* prefix) const {
 
 for (int s : mActiveBuffers) {
 const sp& buffer(mSlots[s].mGraphicBuffer);
- result.appendFormat("%s%s[%02d:%p] state=%-8s, %p [%4ux%4u:%4u,%3X]\n",
- prefix, (mSlots[s].mBufferState.isAcquired()) ? ">" : " ", s,
- buffer.get(), mSlots[s].mBufferState.string(), buffer->handle,
- buffer->width, buffer->height, buffer->stride, buffer->format);
-
+ // A dequeued buffer might be null if it's still being allocated
+ if (buffer.get()) {
+ result.appendFormat("%s%s[%02d:%p] state=%-8s, %p "
+ "[%4ux%4u:%4u,%3X]\n", prefix,
+ (mSlots[s].mBufferState.isAcquired()) ? ">" : " ", s,
+ buffer.get(), mSlots[s].mBufferState.string(),
+ buffer->handle, buffer->width, buffer->height,
+ buffer->stride, buffer->format);
+ } else {
+ result.appendFormat("%s [%02d:%p] state=%-8s\n", prefix, s,
+ buffer.get(), mSlots[s].mBufferState.string());
+ }
 }
 for (int s : mFreeBuffers) {
 const sp& buffer(mSlots[s].mGraphicBuffer);
-- 
2.11.0
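Review bot: The new `if (buffer.get())` guard in the mActiveBuffers loop is only sound if dump() holds the BufferQueue lock for the whole loop and the producer attaches mSlots[s].mGraphicBuffer under that same lock; otherwise the pointer could change between the check and the `buffer->handle` reads. The lock acquisition is outside this hunk, so I would confirm it and record the assumption in the comment, e.g. `// Null while dequeueBuffer() allocates without the BufferQueue lock; dump() must hold that lock here`. In the else branch `buffer.get()` is always null, so the `%p` argument carries no information and could be dropped from the format string. The mFreeBuffers loop that starts at the end of the hunk binds the same kind of reference and its body is not visible here, so it is worth checking that it cannot reach a slot without an attached buffer either.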