SurfaceFlinger: Add NULL check for buffer handling

Add buffer handling NULL check in dequeueBuffer and
verify whether the output data from binder is not NULL
in queueBuffer and connect api's to avoid SF crash

CRs-Fixed: 573088
CRs-Fixed: 572315

Change-Id: I41cebbc0cbcbbb0fd5ecb38db7ec7b0c91cdffe9

diff --git a/libs/gui/IGraphicBufferProducer.cpp b/libs/gui/IGraphicBufferProducer.cpp
index c3c6235..da02c68 100644 (file)
--- a/libs/gui/IGraphicBufferProducer.cpp
+++ b/libs/gui/IGraphicBufferProducer.cpp
@@ -185,7 +185,12 @@ public:
         if (result != NO_ERROR) {
             return result;
         }
-        memcpy(output, reply.readInplace(sizeof(*output)), sizeof(*output));
+        const void *out_data =reply.readInplace(sizeof(*output));
+        if(out_data != NULL) {
+            memcpy(output, out_data, sizeof(*output));
+        } else {
+            return BAD_VALUE;
+        }
         result = reply.readInt32();
         return result;
     }
@@ -227,7 +232,12 @@ public:
         if (result != NO_ERROR) {
             return result;
         }
-        memcpy(output, reply.readInplace(sizeof(*output)), sizeof(*output));
+        const void *out_data =reply.readInplace(sizeof(*output));
+        if(out_data != NULL) {
+            memcpy(output, out_data, sizeof(*output));
+        } else {
+            return BAD_VALUE;
+        }
         result = reply.readInt32();
         return result;
     }

diff --git a/libs/gui/Surface.cpp b/libs/gui/Surface.cpp
index ed24094..4f8a9a1 100644 (file)
--- a/libs/gui/Surface.cpp
+++ b/libs/gui/Surface.cpp
@@ -257,6 +257,9 @@ int Surface::dequeueBuffer(android_native_buffer_t** buffer, int* fenceFd) {
             ALOGE("dequeueBuffer: IGraphicBufferProducer::requestBuffer failed: %d", result);
             mGraphicBufferProducer->cancelBuffer(buf, fence);
             return result;
+        } else if (gbuf == 0) {
+            ALOGE("dequeueBuffer: Buffer is null return");
+            return INVALID_OPERATION;
         }
     }