SurfaceFlinger: Add NULL check for buffer handling

Add buffer handling NULL check in dequeueBuffer and
verify whether the output data from binder is not NULL
in queueBuffer and connect api's to avoid SF crash

CRs-Fixed: 573088
CRs-Fixed: 572315

Change-Id: I41cebbc0cbcbbb0fd5ecb38db7ec7b0c91cdffe9

diff --git a/libs/gui/IGraphicBufferProducer.cpp b/libs/gui/IGraphicBufferProducer.cpp
index fc86e60..6b38811 100644 (file)
--- a/libs/gui/IGraphicBufferProducer.cpp
+++ b/libs/gui/IGraphicBufferProducer.cpp
@@ -112,7 +112,12 @@ public:
         if (result != NO_ERROR) {
             return result;
         }
-        memcpy(output, reply.readInplace(sizeof(*output)), sizeof(*output));
+        const void *out_data =reply.readInplace(sizeof(*output));
+        if(out_data != NULL) {
+            memcpy(output, out_data, sizeof(*output));
+        } else {
+            return BAD_VALUE;
+        }
         result = reply.readInt32();
         return result;
     }
@@ -149,7 +154,12 @@ public:
         if (result != NO_ERROR) {
             return result;
         }
-        memcpy(output, reply.readInplace(sizeof(*output)), sizeof(*output));
+        const void *out_data =reply.readInplace(sizeof(*output));
+        if(out_data != NULL) {
+            memcpy(output, out_data, sizeof(*output));
+        } else {
+            return BAD_VALUE;
+        }
         result = reply.readInt32();
         return result;
     }

diff --git a/libs/gui/Surface.cpp b/libs/gui/Surface.cpp
index f03c473..57c1445 100644 (file)
--- a/libs/gui/Surface.cpp
+++ b/libs/gui/Surface.cpp
@@ -208,6 +208,9 @@ int Surface::dequeueBuffer(android_native_buffer_t** buffer, int* fenceFd) {
         if (result != NO_ERROR) {
             ALOGE("dequeueBuffer: IGraphicBufferProducer::requestBuffer failed: %d", result);
             return result;
+        } else if (gbuf == 0) {
+            ALOGE("dequeueBuffer: Buffer is null return");
+            return INVALID_OPERATION;
         }
     }