From c2633ce19bdbca4cbf8d6a225ede68a0afd693b9 Mon Sep 17 00:00:00 2001 From: bdeng3X Date: Thu, 20 Mar 2014 09:15:34 +0800 Subject: [PATCH] GraphicProducerWrapper may return false transact status GraphicProducerWrapper(GPW) changed how the methods of BpGraphicBufferProducer(BpGBP) are executed. First, "fake" BpGBP is created. Its remote is GPW. The GPW has wrapped the real BpGBP. All the method calls to the fake BpGPB will be intercepted by the GPW inside it when the methods run into remote()->transact(). Then the GPW will invoke the transact() of the real BpGBP. And Everything runs well except that the GPW forgets to store the transact status and always return NO_ERROR to the fake BpGBP. It would be disastrous if the binder call of the IGBP failed and the out parameter "reply" of transact() was in unkown state. E.g. the queueBuffer() in the fake BpGBP will try to operate on the "reply". This will crash the SurfaceFlinger. Change-Id: I01b31f64e1fc92804da3f16c1fb1420dcfb3b855 Signed-off-by: bdeng3X Signed-off-by: Guobin Zhang --- services/surfaceflinger/SurfaceFlinger.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp index bc559ccf7..943ed0221 100644 --- a/services/surfaceflinger/SurfaceFlinger.cpp +++ b/services/surfaceflinger/SurfaceFlinger.cpp @@ -2639,7 +2639,7 @@ class GraphicProducerWrapper : public BBinder, public MessageHandler { looper->sendMessage(this, Message(MSG_API_CALL)); barrier.wait(); } - return NO_ERROR; + return result; } /* @@ -2649,7 +2649,7 @@ class GraphicProducerWrapper : public BBinder, public MessageHandler { virtual void handleMessage(const Message& message) { android_atomic_release_load(&memoryBarrier); if (message.what == MSG_API_CALL) { - impl->asBinder()->transact(code, data[0], reply); + result = impl->asBinder()->transact(code, data[0], reply); barrier.open(); } else if (message.what == MSG_EXIT) { exitRequested = true;