Fail gracefully when allocating screenshot buffers
Some devices have limited protected memory, and over-allocate buffers in
the decoder during DRM playback of high resolution content. The decoder
is able to fail gracefully, but SurfaceFlinger is stricter, causing the
device to crash.
More generally, SurfaceFlinger should not be so strict, because a
malicious app could intentionally allocate many buffers and cause the
system to crash. So, fail gracefully instead to prevent the entire
system from falling over.
Bug: 236200340
Test: 4K DRM playback
Change-Id: Ia0018974fffc753342f78917ede0b67faa94916b
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index 6a17cd8..d6f665a 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -6620,8 +6620,13 @@
1 /* layerCount */, usage, "screenshot");
const status_t bufferStatus = buffer->initCheck();
- LOG_ALWAYS_FATAL_IF(bufferStatus != OK, "captureScreenCommon: Buffer failed to allocate: %d",
- bufferStatus);
+ if (bufferStatus != OK) {
+ // Animations may end up being really janky, but don't crash here.
+ // Otherwise an irreponsible process may cause an SF crash by allocating
+ // too much.
+ ALOGE("%s: Buffer failed to allocate: %d", __func__, bufferStatus);
+ return ftl::yield<FenceResult>(base::unexpected(bufferStatus)).share();
+ }
const std::shared_ptr<renderengine::ExternalTexture> texture = std::make_shared<
renderengine::impl::ExternalTexture>(buffer, getRenderEngine(),
renderengine::impl::ExternalTexture::Usage::