diff options
| author | Jamie Gennis <jgennis@google.com> | 2012-09-21 11:55:35 -0700 |
|---|---|---|
| committer | Jamie Gennis <jgennis@google.com> | 2012-09-21 12:15:22 -0700 |
| commit | d1b330de416adff0d178a5cb7271419d9ed7a89a (patch) | |
| tree | c2751efdda3af8c62a5244f3c038e47641550e66 | |
| parent | aaf421c465794c02f86ee2929f330a8b7206199b (diff) | |
| download | frameworks_native-d1b330de416adff0d178a5cb7271419d9ed7a89a.zip frameworks_native-d1b330de416adff0d178a5cb7271419d9ed7a89a.tar.gz frameworks_native-d1b330de416adff0d178a5cb7271419d9ed7a89a.tar.bz2 | |
SurfaceTexture: fix an out of bounds array write
This change fixes an issue causing the mEglContext member of a SurfaceTexture
to get incorrectly zeroed out. This would happen when a call to
ConsumerBase::releaseBufferLocked resulted in the current buffer being freed.
Freeing the current buffer would set SurfaceTexture::mCurrentTexture to -1,
which would then be used by SurfaceTexture::releaseBufferLocked to reset the
current slot's EGLSyncKHR to EGL_NO_SYNC_KHR (= 0). This would overwrite the
mEglContext field, resulting in context mismatch errors in
SurfaceTexture::doGLFenceWaitLocked.
The fix is to simply use the buffer slot that's passed in to
SurfaceTexture::releaseBufferLocked rather than mCurrentTexture.
Change-Id: I0e5e2bd88fcbb354c35a3744f317716fff3e0e41
| -rw-r--r-- | libs/gui/SurfaceTexture.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libs/gui/SurfaceTexture.cpp b/libs/gui/SurfaceTexture.cpp index f2e9077..cbd8c79 100644 --- a/libs/gui/SurfaceTexture.cpp +++ b/libs/gui/SurfaceTexture.cpp @@ -200,7 +200,7 @@ status_t SurfaceTexture::releaseBufferLocked(int buf, EGLDisplay display, status_t err = ConsumerBase::releaseBufferLocked(buf, mEglDisplay, eglFence); - mEglSlots[mCurrentTexture].mEglFence = EGL_NO_SYNC_KHR; + mEglSlots[buf].mEglFence = EGL_NO_SYNC_KHR; return err; } |