gralloc1: Acquire mutex early in release Due race condition between release and retain calls, retain return stale handle. Which results in crash in SurfaceFlinger. Fix crash by acquiring mutex early in release function. Bug: 32384569 Change-Id: I9130f5864a53ef208dc1ad8ecf698f1847548285

commit: 56ec3afb8444a9a7056b54601bb6031465113621 [log] [tgz]
author: Ajit Kumar <kajit@qti.qualcomm.com> Fri Nov 25 12:08:53 2016 +0530
committer: Zach Johnson <zachoverflow@google.com> Thu Dec 29 12:21:22 2016 -0800
tree: 2939e1c598d31151ffeb40759fc6e77e0e418c74
parent: 3b36bcf7035c32fafe3070c54b427779467ad416 [diff] [blame]
diff --git a/libs/ui/Gralloc1On0Adapter.cpp b/libs/ui/Gralloc1On0Adapter.cpp
index d5b88de..ec7df31 100644
--- a/libs/ui/Gralloc1On0Adapter.cpp
+++ b/libs/ui/Gralloc1On0Adapter.cpp

@@ -288,6 +288,7 @@
 gralloc1_error_t Gralloc1On0Adapter::retain(
         const std::shared_ptr<Buffer>& buffer)
 {
+    std::lock_guard<std::mutex> lock(mBufferMutex);
     buffer->retain();
     return GRALLOC1_ERROR_NONE;
 }
@@ -295,6 +296,7 @@
 gralloc1_error_t Gralloc1On0Adapter::release(
         const std::shared_ptr<Buffer>& buffer)
 {
+    std::lock_guard<std::mutex> lock(mBufferMutex);
     if (!buffer->release()) {
         return GRALLOC1_ERROR_NONE;
     }
@@ -314,7 +316,6 @@
         }
     }
 
-    std::lock_guard<std::mutex> lock(mBufferMutex);
     mBuffers.erase(handle);
     return GRALLOC1_ERROR_NONE;
 }
commit	56ec3afb8444a9a7056b54601bb6031465113621	[log] [tgz]
author	Ajit Kumar <kajit@qti.qualcomm.com>	Fri Nov 25 12:08:53 2016 +0530
committer	Zach Johnson <zachoverflow@google.com>	Thu Dec 29 12:21:22 2016 -0800
tree	2939e1c598d31151ffeb40759fc6e77e0e418c74
parent	3b36bcf7035c32fafe3070c54b427779467ad416 [diff] [blame]