Fix RenderArea use after free error When RenderEngine is single threaded, renderScreenImpl immediately calls present instead of moving it into the returned future. This caused the unique_ptr<RenderArea> to be destroyed when renderScreenImpl returned, deleting RenderArea prematurely. We can use a shared_ptr to ensure that RenderArea is only deleted once both captureScreenCommon and present no longer need it. Bug: 264827546 Test: atest ScreenCaptureTest Test: go/wm-smoke Change-Id: I8b591bec7c6ad07df9fa9b7f62495dac10a68a93

commit: 3190813d238c92aa6c4f63f7f672d9abf1be70bb [log] [tgz]
author: Patrick Williams <pdwilliams@google.com> Mon Jan 09 13:38:48 2023 -0600
committer: Patrick Williams <pdwilliams@google.com> Mon Jan 09 13:38:48 2023 -0600
tree: e77a8e41d6f1fd1eccca7c7ef595c57d68208f1a
parent: d26c1061e861b4418b7cf2dd56067d444c870de7 [diff] [blame]
diff --git a/services/surfaceflinger/tests/unittests/TestableSurfaceFlinger.h b/services/surfaceflinger/tests/unittests/TestableSurfaceFlinger.h
index 2117084..113c518 100644
--- a/services/surfaceflinger/tests/unittests/TestableSurfaceFlinger.h
+++ b/services/surfaceflinger/tests/unittests/TestableSurfaceFlinger.h

@@ -401,7 +401,7 @@
         return mFlinger->setPowerModeInternal(display, mode);
     }
 
-    auto renderScreenImpl(std::unique_ptr<RenderArea> renderArea,
+    auto renderScreenImpl(std::shared_ptr<const RenderArea> renderArea,
                           SurfaceFlinger::TraverseLayersFunction traverseLayers,
                           const std::shared_ptr<renderengine::ExternalTexture>& buffer,
                           bool forSystem, bool regionSampling) {
commit	3190813d238c92aa6c4f63f7f672d9abf1be70bb	[log] [tgz]
author	Patrick Williams <pdwilliams@google.com>	Mon Jan 09 13:38:48 2023 -0600
committer	Patrick Williams <pdwilliams@google.com>	Mon Jan 09 13:38:48 2023 -0600
tree	e77a8e41d6f1fd1eccca7c7ef595c57d68208f1a
parent	d26c1061e861b4418b7cf2dd56067d444c870de7 [diff] [blame]