From d0b55c011a311b677493ba72804bf1bc4df68224 Mon Sep 17 00:00:00 2001 From: Mathias Agopian Date: Wed, 16 Mar 2011 23:18:07 -0700 Subject: fix [4093196] Device lock up - log spam with SharedBufferStack: waitForCondition(LockCondition) timed out a memory corruption happned when the buffer pool was resized (like when playing a video or using camera) and there was no current active buffer. In this case, the faulty code would index into an array at position -1 which corrupted 24 bytes of data. also improved region validation code (ifdef'ed out by default) Bug: 4093196 Change-Id: I915c581d131148959d720e00e3892e9186ab733d --- services/surfaceflinger/Layer.cpp | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'services/surfaceflinger') diff --git a/services/surfaceflinger/Layer.cpp b/services/surfaceflinger/Layer.cpp index 1297363..cd24478 100644 --- a/services/surfaceflinger/Layer.cpp +++ b/services/surfaceflinger/Layer.cpp @@ -858,11 +858,13 @@ status_t Layer::BufferManager::resize(size_t size, Mutex::Autolock _l(mLock); if (size < mNumBuffers) { - // Move the active texture into slot 0 - BufferData activeBufferData = mBufferData[mActiveBufferIndex]; - mBufferData[mActiveBufferIndex] = mBufferData[0]; - mBufferData[0] = activeBufferData; - mActiveBufferIndex = 0; + // If there is an active texture, move it into slot 0 if needed + if (mActiveBufferIndex > 0) { + BufferData activeBufferData = mBufferData[mActiveBufferIndex]; + mBufferData[mActiveBufferIndex] = mBufferData[0]; + mBufferData[0] = activeBufferData; + mActiveBufferIndex = 0; + } // Free the buffers that are no longer needed. for (size_t i = size; i < mNumBuffers; i++) { -- cgit v1.1