surfaceflinger: fix a nullptr dereference

When the child layer latched a buffer but the fixed-size parent layer never did (for reasons such as no buffer queued or buffer got rejected), we could end up with p->mActiveBuffer being nullptr. Bug: 62996512 Test: manual (I could never repro anyway) Change-Id: Id7e4c7037633b8a37039baa6e8a306e55170b894 (cherry picked from commit 0a68b461d382304ae438fa8b52920fa75d178a1c) (cherry picked from commit 2e00825332f1807316eca5b4b41527e3bbab841f)
author: Chia-I Wu <olv@google.com> 2017-07-18 11:30:05 -0700
committer: android-build-team Robot <android-build-team-robot@google.com> 2017-08-23 18:48:19 +0000
commit: 532673222decc40b3179e18886b4247c3b9fa88d (patch)
tree: 19d2082c959f0fffe1039d3876ee79d5c0e2bd15
parent: 7d951867416234a6f3228eb9d888009184b1d0b7 (diff)
download: native-532673222decc40b3179e18886b4247c3b9fa88d.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/services/surfaceflinger/Layer.cpp b/services/surfaceflinger/Layer.cpp
index 88a5bd4a06..230520611b 100644
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -2682,7 +2682,7 @@ Transform Layer::getTransform() const {
         // for in the transform. We need to mirror this scaling in child surfaces
         // or we will break the contract where WM can treat child surfaces as
         // pixels in the parent surface.
-        if (p->isFixedSize()) {
+        if (p->isFixedSize() && p->mActiveBuffer != nullptr) {
             int bufferWidth;
             int bufferHeight;
             if ((p->mCurrentTransform & NATIVE_WINDOW_TRANSFORM_ROT_90) == 0) {
author	Chia-I Wu <olv@google.com>	2017-07-18 11:30:05 -0700
committer	android-build-team Robot <android-build-team-robot@google.com>	2017-08-23 18:48:19 +0000
commit	532673222decc40b3179e18886b4247c3b9fa88d (patch)
tree	19d2082c959f0fffe1039d3876ee79d5c0e2bd15
parent	7d951867416234a6f3228eb9d888009184b1d0b7 (diff)
download	native-532673222decc40b3179e18886b4247c3b9fa88d.tar.gz