Check for null layer handles from clients
Fixes: 145096599
Test: Checked passing in a null layer handle doesn't crash surfaceflinger
Change-Id: I1150d25febc4c304c47740e7355130f9b83dd8db
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index c555f79..c605c38 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -3118,7 +3118,13 @@
listenerCallbacks.insert(listener);
}
- sp<Layer> layer(fromHandle(s.surface));
+ sp<Layer> layer = nullptr;
+ if (s.surface) {
+ layer = fromHandle(s.surface);
+ } else {
+ // The client may provide us a null handle. Treat it as if the layer was removed.
+ ALOGW("Attempt to set client state with a null layer handle");
+ }
if (layer == nullptr) {
for (auto& [listener, callbackIds] : s.listeners) {
mTransactionCompletedThread.registerUnpresentedCallbackHandle(