SF: Fix UAF on every resolution switch Because resolution switching destroys the DisplayDevice, the commit that finalizes the modeset dereferences stray pointers to its FrameTargeter. Fix this by bailing out and committing again. Fixes: 352197706 Flag: EXEMPT bugfix Test: No SEGV_MTESERR crash on caiman with eng build Change-Id: I7ad3b5f44041e5307781c826d11057b12913b58d

commit: 59163fdf700298af6ea8939242b15697759a06af [log] [tgz]
author: Dominik Laskowski <domlaskowski@google.com> Mon Dec 09 11:36:21 2024 -0500
committer: Dominik Laskowski <domlaskowski@google.com> Mon Dec 09 15:15:15 2024 -0500
tree: 9860fb49befd9ff3b9311e3e14a1fffc0e457f2a
parent: 8c6afcf151af438342729f2399c43560ae1f353c [diff] [blame]
diff --git a/services/surfaceflinger/SurfaceFlinger.h b/services/surfaceflinger/SurfaceFlinger.h
index 1e2c087..5600d19 100644
--- a/services/surfaceflinger/SurfaceFlinger.h
+++ b/services/surfaceflinger/SurfaceFlinger.h

@@ -730,7 +730,11 @@
                                        Fps maxFps);
 
     void initiateDisplayModeChanges() REQUIRES(kMainThreadContext) REQUIRES(mStateLock);
-    void finalizeDisplayModeChange(PhysicalDisplayId) REQUIRES(kMainThreadContext)
+
+    // Returns whether the commit stage should proceed. The return value is ignored when finalizing
+    // immediate mode changes, which happen toward the end of the commit stage.
+    // TODO: b/355427258 - Remove the return value once the `synced_resolution_switch` flag is live.
+    bool finalizeDisplayModeChange(PhysicalDisplayId) REQUIRES(kMainThreadContext)
             REQUIRES(mStateLock);
 
     void dropModeRequest(PhysicalDisplayId) REQUIRES(kMainThreadContext);
commit	59163fdf700298af6ea8939242b15697759a06af	[log] [tgz]
author	Dominik Laskowski <domlaskowski@google.com>	Mon Dec 09 11:36:21 2024 -0500
committer	Dominik Laskowski <domlaskowski@google.com>	Mon Dec 09 15:15:15 2024 -0500
tree	9860fb49befd9ff3b9311e3e14a1fffc0e457f2a
parent	8c6afcf151af438342729f2399c43560ae1f353c [diff] [blame]