diff options
author | Mathias Agopian <mathias@google.com> | 2009-11-13 15:26:29 -0800 |
---|---|---|
committer | Mathias Agopian <mathias@google.com> | 2009-11-13 15:26:29 -0800 |
commit | 18e026066a95e5d63c2ece8007883b46599373ca (patch) | |
tree | e7c8d0f1e1cc5283222d635c595da3a2ce1bfc5f /libs/ui | |
parent | 73f8aa678055598738dfba54c60a1674bcbf02b1 (diff) | |
download | frameworks_base-18e026066a95e5d63c2ece8007883b46599373ca.zip frameworks_base-18e026066a95e5d63c2ece8007883b46599373ca.tar.gz frameworks_base-18e026066a95e5d63c2ece8007883b46599373ca.tar.bz2 |
fix some aspects of [2258746] native crash in launcher2
Surface::validate() could sometimes dereference a null pointer before checking it wasn't null.
This will prevent the application to crash when given bad parameters or used incorrectly.
However, the bug above probably has another cause.
Diffstat (limited to 'libs/ui')
-rw-r--r-- | libs/ui/Surface.cpp | 48 |
1 files changed, 19 insertions, 29 deletions
diff --git a/libs/ui/Surface.cpp b/libs/ui/Surface.cpp index f51ca7a..24ae27f 100644 --- a/libs/ui/Surface.cpp +++ b/libs/ui/Surface.cpp @@ -152,96 +152,85 @@ bool SurfaceControl::isSameSurface( status_t SurfaceControl::setLayer(int32_t layer) { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->setLayer(mToken, layer); } status_t SurfaceControl::setPosition(int32_t x, int32_t y) { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->setPosition(mToken, x, y); } status_t SurfaceControl::setSize(uint32_t w, uint32_t h) { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->setSize(mToken, w, h); } status_t SurfaceControl::hide() { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->hide(mToken); } status_t SurfaceControl::show(int32_t layer) { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->show(mToken, layer); } status_t SurfaceControl::freeze() { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->freeze(mToken); } status_t SurfaceControl::unfreeze() { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->unfreeze(mToken); } status_t SurfaceControl::setFlags(uint32_t flags, uint32_t mask) { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->setFlags(mToken, flags, mask); } status_t SurfaceControl::setTransparentRegionHint(const Region& transparent) { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->setTransparentRegionHint(mToken, transparent); } status_t SurfaceControl::setAlpha(float alpha) { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->setAlpha(mToken, alpha); } status_t SurfaceControl::setMatrix(float dsdx, float dtdx, float dsdy, float dtdy) { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->setMatrix(mToken, dsdx, dtdx, dsdy, dtdy); } status_t SurfaceControl::setFreezeTint(uint32_t tint) { const sp<SurfaceComposerClient>& client(mClient); - if (client == 0) return NO_INIT; - status_t err = validate(client->mControl); + status_t err = validate(); if (err < 0) return err; return client->setFreezeTint(mToken, tint); } -status_t SurfaceControl::validate(SharedClient const* cblk) const +status_t SurfaceControl::validate() const { if (mToken<0 || mClient==0) { LOGE("invalid token (%d, identity=%u) or client (%p)", mToken, mIdentity, mClient.get()); return NO_INIT; } + SharedClient const* cblk = mClient->mControl; if (cblk == 0) { LOGE("cblk is null (surface id=%d, identity=%u)", mToken, mIdentity); return NO_INIT; @@ -394,7 +383,7 @@ bool Surface::isValid() { return mToken>=0 && mClient!=0; } -status_t Surface::validate(SharedClient const* cblk) const +status_t Surface::validate() const { sp<SurfaceComposerClient> client(getClient()); if (mToken<0 || mClient==0) { @@ -402,6 +391,7 @@ status_t Surface::validate(SharedClient const* cblk) const mToken, mIdentity, client.get()); return NO_INIT; } + SharedClient const* cblk = mClient->mControl; if (cblk == 0) { LOGE("cblk is null (surface id=%d, identity=%u)", mToken, mIdentity); return NO_INIT; @@ -488,7 +478,7 @@ status_t Surface::dequeueBuffer(sp<GraphicBuffer>* buffer) { int Surface::dequeueBuffer(android_native_buffer_t** buffer) { sp<SurfaceComposerClient> client(getClient()); - status_t err = validate(client->mControl); + status_t err = validate(); if (err != NO_ERROR) return err; @@ -533,7 +523,7 @@ int Surface::dequeueBuffer(android_native_buffer_t** buffer) int Surface::lockBuffer(android_native_buffer_t* buffer) { sp<SurfaceComposerClient> client(getClient()); - status_t err = validate(client->mControl); + status_t err = validate(); if (err != NO_ERROR) return err; @@ -546,7 +536,7 @@ int Surface::lockBuffer(android_native_buffer_t* buffer) int Surface::queueBuffer(android_native_buffer_t* buffer) { sp<SurfaceComposerClient> client(getClient()); - status_t err = validate(client->mControl); + status_t err = validate(); if (err != NO_ERROR) return err; |