From 4c05dd175ee3bd5119eecf368742b6510a8cfa6c Mon Sep 17 00:00:00 2001
From: Jeff Brown
Date: Sun, 9 Sep 2012 00:07:17 -0700
Subject: [PATCH] Ensure that viewport and frame are initialized. onInitializeDisplays() was posting a transaction with changes to the display projection. Unfortunately, it only set the display orientation field and left viewport and frame uninitialized. The uninitialized values flowed downstream and found themselves baked into a bogus DisplayDevice mGlobalTransform. That transform was then applied to some Rects which were turned into Regions that were them combined with other Regions. Under certain situations, the uninitialized data might have a largish value, resulting in the creation of Regions with components in excess of the Region max-value limit of 0x7ffffff (note that this is not INT_MAX). Later when performing a binary operation using the Region, the Spanner would loop indefinitely trying to figure out how to stuff a humongous region inside of a max-value region. Not content to try just once, the Spanner would continue trying again and again, pegging the CPU and hanging surface flinger during boot. Insanity soon followed. Bug: 7130713 Change-Id: I0016f0c9662185be833474c212a1dd408096ae23
---
 services/surfaceflinger/SurfaceFlinger.cpp | 2 ++
 services/surfaceflinger/Transform.cpp | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index e11bfa00d..ef910d962 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -1728,6 +1728,8 @@ void SurfaceFlinger::onInitializeDisplays() {
 d.what = DisplayState::eDisplayProjectionChanged;
 d.token = mDefaultDisplays[DisplayDevice::DISPLAY_PRIMARY];
 d.orientation = DisplayState::eOrientationDefault;
+ d.frame.makeInvalid();
+ d.viewport.makeInvalid();
 displays.add(d);
 setTransactionState(state, displays, 0);
 
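Review bot: The added `d.frame.makeInvalid();` and `d.viewport.makeInvalid();` repair only this call site, so any other code that builds a DisplayState by hand and sets `eDisplayProjectionChanged` can reintroduce the same uninitialized-rect bug. The declaration of DisplayState is outside the hunk, so this is inferred, but a constructor that puts `frame` and `viewport` into the invalid state would fix the class of bug rather than this instance. Per the commit message the garbage values reached Region arithmetic and hung SurfaceFlinger, so the code that turns a projection into mGlobalTransform also deserves a bounds check, particularly if setTransactionState() can be reached with caller-supplied display state. At minimum add a comment above the two new lines, e.g. `// frame/viewport must never be left uninitialized; garbage here ends up in DisplayDevice's mGlobalTransform (bug 7130713)`. The body of onInitializeDisplays() starts and ends outside the hunk.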
diff --git a/services/surfaceflinger/Transform.cpp b/services/surfaceflinger/Transform.cpp index ca3fa6eef..aca90e016 100644 --- a/services/surfaceflinger/Transform.cpp +++ b/services/surfaceflinger/Transform.cpp @@ -192,7 +192,6 @@ Transform::vec3 Transform::transform(const vec3& v) const { void Transform::transform(float* point, int x, int y) const { - const mat33& M(mMatrix); vec2 v(x, y); v = transform(v); point[0] = v[0];