SurfaceFlinger: Null guard for setRelativeLayer
Previous versions of this code (up until a change in October) would
simply return false from setRelativeLayer when a null handle was passed.
The current code will have a null SurfaceControl in this situation and
invoking getHandle will crash. It's unclear why a null handle is being
passed to setRelativeLayer but as always SurfaceFlinger should be
resistant to invalid input.
Bug: 178506688
Test: Existing tests pass
Change-Id: Ie6d497b14ec23c848fde3aae4b4940a3ec024f70
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index 0a51659..8505970 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -3692,9 +3692,11 @@
if (what & layer_state_t::eRelativeLayerChanged) {
// NOTE: index needs to be calculated before we update the state
const auto& p = layer->getParent();
+ const auto& relativeHandle = s.relativeLayerSurfaceControl ?
+ s.relativeLayerSurfaceControl->getHandle() : nullptr;
if (p == nullptr) {
ssize_t idx = mCurrentState.layersSortedByZ.indexOf(layer);
- if (layer->setRelativeLayer(s.relativeLayerSurfaceControl->getHandle(), s.z) &&
+ if (layer->setRelativeLayer(relativeHandle, s.z) &&
idx >= 0) {
mCurrentState.layersSortedByZ.removeAt(idx);
mCurrentState.layersSortedByZ.add(layer);
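Review bot: The null case is now passed on as a null handle to `layer->setRelativeLayer(relativeHandle, s.z)` here and to `p->setChildRelativeLayer(layer, relativeHandle, s.z)` in the second hunk, so the guard is only complete if both callees reject a null handle. Neither callee is visible in this diff, and the description only mentions setRelativeLayer returning false, so the child path should be confirmed as well. Because this state presumably arrives in a client transaction and the source of the null is still unknown, a warning on the null branch such as `ALOGW("eRelativeLayerChanged with null relativeLayerSurfaceControl");` would help identify the caller. A regression test that applies `eRelativeLayerChanged` with a null `relativeLayerSurfaceControl` would pin the behaviour, which "Existing tests pass" does not cover. As a style point, `const auto relativeHandle = ...` by value reads more directly than binding `const auto&` to the temporary from the conditional; the enclosing function starts and ends outside the hunk.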
@@ -3703,7 +3705,7 @@
flags |= eTransactionNeeded|eTraversalNeeded;
}
} else {
- if (p->setChildRelativeLayer(layer, s.relativeLayerSurfaceControl->getHandle(), s.z)) {
+ if (p->setChildRelativeLayer(layer, relativeHandle, s.z)) {
flags |= eTransactionNeeded|eTraversalNeeded;
}
}