commit c0b2b0c457c45e09479029748e07e6d1b1c9d457
author Chia-I Wu <olv@google.com> Fri Sep 08 10:14:34 2017 -0700
committer Chia-I Wu <olv@google.com> Fri Sep 08 11:32:03 2017 -0700
tree 0bfcca8934d6c4934bd244e0b923db2ff49c7a76
parent a60e6a4548141eb6c179607ff6debba374e3a211

surfaceflinger: handle executeCommands transaction errors

Unlike other functions, executeCommands both sends and receives
handles.  It can fail for reasons such as out-of-fd.  We want to
protect SurfaceFlinger against out-of-fd.

Bug: 65449888
Test: manual
Change-Id: Id9420dbd6d0a943737c90bd3a1ae0df3805a4cb0

services/surfaceflinger/DisplayHardware/ComposerHal.cpp

diff --git a/services/surfaceflinger/DisplayHardware/ComposerHal.cpp b/services/surfaceflinger/DisplayHardware/ComposerHal.cpp
index ac739a2..cf01ad0 100644
--- a/services/surfaceflinger/DisplayHardware/ComposerHal.cpp
+++ b/services/surfaceflinger/DisplayHardware/ComposerHal.cpp
@@ -755,7 +755,7 @@
     }
 
     Error error = kDefaultError;
-    mClient->executeCommands(commandLength, commandHandles,
+    auto ret = mClient->executeCommands(commandLength, commandHandles,
             [&](const auto& tmpError, const auto& tmpOutChanged,
                 const auto& tmpOutLength, const auto& tmpOutHandles)
             {
@@ -788,6 +788,11 @@
                     error = Error::NO_RESOURCES;
                 }
             });
+    // executeCommands can fail because of out-of-fd and we do not want to
+    // abort() in that case
+    if (!ret.isOk()) {
+        ALOGE("executeCommands failed because of %s", ret.description().c_str());
+    }
 
     if (error == Error::NONE) {
         std::vector<CommandReader::CommandError> commandErrors =