surfaceflinger: IBinder leak
TransactionCompletedThread never deleted its Listener sp<IBinder>
tokens from its pending thread, which can lead to SurfaceFlinger
crashes. This patch adds support for removing the sp<IBinder>
tokens when SurfaceFlinger is done with them.
Test: TransactionTest
Bug: 130430082
Change-Id: Icd773fc18f1a0440857bc65111c51c890746a42b
diff --git a/services/surfaceflinger/TransactionCompletedThread.cpp b/services/surfaceflinger/TransactionCompletedThread.cpp
index 6b2b583..34df606 100644
--- a/services/surfaceflinger/TransactionCompletedThread.cpp
+++ b/services/surfaceflinger/TransactionCompletedThread.cpp
@@ -144,6 +144,9 @@
} else {
ALOGW("cannot find listener in mPendingTransactions");
}
+ if (listener->second.size() == 0) {
+ mPendingTransactions.erase(listener);
+ }
status_t err = addCallbackHandle(handle);
if (err != NO_ERROR) {
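Review bot: The added `listener->second.size() == 0` check sits after the `else` branch that logs "cannot find listener in mPendingTransactions", so it appears to dereference `listener` even when the lookup failed. The enclosing `if` is outside this hunk, so this is inferred from the warning text. If `listener` is the end iterator at that point, both `listener->second` and `mPendingTransactions.erase(listener)` are undefined behaviour, in a service that processes callback handles on behalf of other processes. Guard the check, for example `if (listener != mPendingTransactions.end() && listener->second.empty()) {`, or move the erase into the branch where the listener was found.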
@@ -231,7 +234,9 @@
// If we are still waiting on the callback handles for this transaction, stop
// here because all transaction callbacks for the same listener must come in order
- if (mPendingTransactions[listener].count(transactionStats.callbackIds) != 0) {
+ auto pendingTransactions = mPendingTransactions.find(listener);
+ if (pendingTransactions != mPendingTransactions.end() &&
+ pendingTransactions->second.count(transactionStats.callbackIds) != 0) {
break;
}
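Review bot: Nothing at the new `mPendingTransactions.find(listener)` lookup says why `operator[]` must not be used here. The removed `mPendingTransactions[listener]` would default-insert an empty entry for a listener the other hunk has just erased, which would bring back the leak described in the commit message. A comment above the lookup such as `// find(), not operator[]: operator[] would re-insert an empty entry for an erased listener` would protect it from a later simplification. The local `pendingTransactions` holds an iterator to a single listener's entry and reads too close to the member name; `pendingIt` or similar would be clearer. The enclosing loop starts and ends outside this hunk.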