surfaceflinger: fix a potential child layer leak We should not remove a child layer from its already removed parent. Call p->removeChild only after we've checked that the ancestor is alive. Apply e6b63e1ae12692327f7e46d5f10d6ade5a7bf192 and this fix to SurfaceFlinger_hwc1.cpp as well. Bug: 37121786 Test: manual stress test Change-Id: I7b811450a998acc4ad9690bd4eda058ce6588e14

commit: fae51c438827ae0a55c1b83c0e9be348254bfbd4 [log] [tgz]
author: Chia-I Wu <olv@google.com> Thu Jun 15 12:53:59 2017 -0700
committer: Chia-I Wu <olv@google.com> Fri Jun 16 16:30:05 2017 -0700
tree: 376dbc36387cdf7bdedadcfffd0fbcb928f2b498
parent: 515dc9c538b8206b746eeb4906ac0b8aed1fb497 [diff] [blame]
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index 6174185..29e7bd6 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp

@@ -2689,8 +2689,6 @@
             return NO_ERROR;
         }
 
-        index = p->removeChild(layer);
-
         sp<Layer> ancestor = p;
         while (ancestor->getParent() != nullptr) {
             ancestor = ancestor->getParent();
@@ -2699,6 +2697,8 @@
             ALOGE("removeLayer called with a layer whose parent has been removed");
             return NAME_NOT_FOUND;
         }
+
+        index = p->removeChild(layer);
     } else {
         index = mCurrentState.layersSortedByZ.remove(layer);
     }
commit	fae51c438827ae0a55c1b83c0e9be348254bfbd4	[log] [tgz]
author	Chia-I Wu <olv@google.com>	Thu Jun 15 12:53:59 2017 -0700
committer	Chia-I Wu <olv@google.com>	Fri Jun 16 16:30:05 2017 -0700
tree	376dbc36387cdf7bdedadcfffd0fbcb928f2b498
parent	515dc9c538b8206b746eeb4906ac0b8aed1fb497 [diff] [blame]