commit d0b55c011a311b677493ba72804bf1bc4df68224
author Mathias Agopian <mathias@google.com> Wed Mar 16 23:18:07 2011 -0700
committer Mathias Agopian <mathias@google.com> Thu Mar 17 00:04:42 2011 -0700
tree a7502118c6abd0c1aa64eba593b5e63aba3715fa
parent d5b7248aedde317033f1d815aae2fdbca2f51d5b

fix [4093196] Device lock up - log spam with SharedBufferStack: waitForCondition(LockCondition) timed out

a memory corruption happned when the buffer pool was resized
(like when playing a video or using camera) and there was
no current active buffer. In this case, the faulty code
would index into an array at position -1 which corrupted
24 bytes of data.

also improved region validation code (ifdef'ed out by default)

Bug: 4093196
Change-Id: I915c581d131148959d720e00e3892e9186ab733d

services/surfaceflinger/Layer.cpp

diff --git a/services/surfaceflinger/Layer.cpp b/services/surfaceflinger/Layer.cpp
index 1297363..cd24478 100644
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -858,11 +858,13 @@
     Mutex::Autolock _l(mLock);
 
     if (size < mNumBuffers) {
-        // Move the active texture into slot 0
-        BufferData activeBufferData = mBufferData[mActiveBufferIndex];
-        mBufferData[mActiveBufferIndex] = mBufferData[0];
-        mBufferData[0] = activeBufferData;
-        mActiveBufferIndex = 0;
+        // If there is an active texture, move it into slot 0 if needed
+        if (mActiveBufferIndex > 0) {
+            BufferData activeBufferData = mBufferData[mActiveBufferIndex];
+            mBufferData[mActiveBufferIndex] = mBufferData[0];
+            mBufferData[0] = activeBufferData;
+            mActiveBufferIndex = 0;
+        }
 
         // Free the buffers that are no longer needed.
         for (size_t i = size; i < mNumBuffers; i++) {