SurfaceTexture: fix an out of bounds array write This change fixes an issue causing the mEglContext member of a SurfaceTexture to get incorrectly zeroed out. This would happen when a call to ConsumerBase::releaseBufferLocked resulted in the current buffer being freed. Freeing the current buffer would set SurfaceTexture::mCurrentTexture to -1, which would then be used by SurfaceTexture::releaseBufferLocked to reset the current slot's EGLSyncKHR to EGL_NO_SYNC_KHR (= 0). This would overwrite the mEglContext field, resulting in context mismatch errors in SurfaceTexture::doGLFenceWaitLocked. The fix is to simply use the buffer slot that's passed in to SurfaceTexture::releaseBufferLocked rather than mCurrentTexture. Change-Id: I0e5e2bd88fcbb354c35a3744f317716fff3e0e41

commit: d1b330de416adff0d178a5cb7271419d9ed7a89a [log] [tgz]
author: Jamie Gennis <jgennis@google.com> Fri Sep 21 11:55:35 2012 -0700
committer: Jamie Gennis <jgennis@google.com> Fri Sep 21 12:15:22 2012 -0700
tree: c2751efdda3af8c62a5244f3c038e47641550e66
parent: aaf421c465794c02f86ee2929f330a8b7206199b [diff] [blame]
diff --git a/libs/gui/SurfaceTexture.cpp b/libs/gui/SurfaceTexture.cpp
index f2e9077..cbd8c79 100644
--- a/libs/gui/SurfaceTexture.cpp
+++ b/libs/gui/SurfaceTexture.cpp

@@ -200,7 +200,7 @@
     status_t err = ConsumerBase::releaseBufferLocked(buf, mEglDisplay,
            eglFence);
 
-    mEglSlots[mCurrentTexture].mEglFence = EGL_NO_SYNC_KHR;
+    mEglSlots[buf].mEglFence = EGL_NO_SYNC_KHR;
 
     return err;
 }
commit	d1b330de416adff0d178a5cb7271419d9ed7a89a	[log] [tgz]
author	Jamie Gennis <jgennis@google.com>	Fri Sep 21 11:55:35 2012 -0700
committer	Jamie Gennis <jgennis@google.com>	Fri Sep 21 12:15:22 2012 -0700
tree	c2751efdda3af8c62a5244f3c038e47641550e66
parent	aaf421c465794c02f86ee2929f330a8b7206199b [diff] [blame]