Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_base / baed5257ad4d64bfd441d9cbacf13d4216b97cad^! / .
commitbaed5257ad4d64bfd441d9cbacf13d4216b97cad[log] [tgz]
authorTej Singh <singhtejinder@google.com>Fri May 01 17:30:00 2020 -0700
committerTej Singh <singhtejinder@google.com>Tue May 05 14:51:57 2020 -0700
tree77475b99afcc3ab77ee551aa862793994493d82b
parent5a619092757bde794992793bd4ff07d372fc9fe9 [diff]
Fix statsd NPE on setPullAtomCallback

Suspected root cause: if a process crashes right after calling
setPullAtomCallback, it's possible that oneway binder calls can queue
but do not execute before the process crashes. Then, when the process
crashes, nothing has a strong reference to the IPullAtomCallback, so
it gets deallocated. Then, when the oneway call actually executes, the
callback is null. This is being followed up in b/155793159

Regardless, statsd should handle null input properly.

Test: GTS test in ag/11348719 now passes
Test: atest GtsStatsdHostTestCases
Bug: 153822941
Change-Id: Ic6d415e10eca8d133290de80cb61e1634590ca6a

diff --git a/apex/statsd/framework/java/android/app/StatsManager.java b/apex/statsd/framework/java/android/app/StatsManager.java
index 7fbfc43..d1b7d8d 100644
--- a/apex/statsd/framework/java/android/app/StatsManager.java
+++ b/apex/statsd/framework/java/android/app/StatsManager.java

@@ -28,7 +28,6 @@
 import android.os.IPullAtomCallback;
 import android.os.IPullAtomResultReceiver;
 import android.os.IStatsManagerService;
-import android.os.IStatsd;
 import android.os.RemoteException;
 import android.os.StatsFrameworkInitializer;
 import android.util.AndroidException;
@@ -57,9 +56,6 @@
     private final Context mContext;
 
     @GuardedBy("sLock")
-    private IStatsd mService;
-
-    @GuardedBy("sLock")
     private IStatsManagerService mStatsManagerService;
 
     /**

diff --git a/apex/statsd/service/java/com/android/server/stats/StatsManagerService.java b/apex/statsd/service/java/com/android/server/stats/StatsManagerService.java
index 90764b0..97846f2 100644
--- a/apex/statsd/service/java/com/android/server/stats/StatsManagerService.java
+++ b/apex/statsd/service/java/com/android/server/stats/StatsManagerService.java

@@ -172,6 +172,10 @@
     public void registerPullAtomCallback(int atomTag, long coolDownMillis, long timeoutMillis,
             int[] additiveFields, IPullAtomCallback pullerCallback) {
         enforceRegisterStatsPullAtomPermission();
+        if (pullerCallback == null) {
+            Log.w(TAG, "Puller callback is null for atom " + atomTag);
+            return;
+        }
         int callingUid = Binder.getCallingUid();
         PullerKey key = new PullerKey(callingUid, atomTag);
         PullerValue val =

diff --git a/cmds/statsd/src/external/StatsPullerManager.cpp b/cmds/statsd/src/external/StatsPullerManager.cpp
index cfd5d14..0de7e62 100644
--- a/cmds/statsd/src/external/StatsPullerManager.cpp
+++ b/cmds/statsd/src/external/StatsPullerManager.cpp

@@ -354,6 +354,11 @@
     std::lock_guard<std::mutex> _l(mLock);
     VLOG("RegisterPullerCallback: adding puller for tag %d", atomTag);
 
+    if (callback == nullptr) {
+        ALOGW("SetPullAtomCallback called with null callback for atom %d.", atomTag);
+        return;
+    }
+
     StatsdStats::getInstance().notePullerCallbackRegistrationChanged(atomTag, /*registered=*/true);
     int64_t actualCoolDownNs = coolDownNs < kMinCoolDownNs ? kMinCoolDownNs : coolDownNs;
     int64_t actualTimeoutNs = timeoutNs > kMaxTimeoutNs ? kMaxTimeoutNs : timeoutNs;