From 27c2a2da65b440f63bcbbc0389e49ae0c9d59af3 Mon Sep 17 00:00:00 2001
From: Alec Mouri
Date: Wed, 27 Nov 2024 16:40:30 +0000
Subject: [PATCH] Reorder RengineEngine and LayerSettings in VTS
VTS readback tests were crashing because RenderEngine before LayerSettings were deleted. LayerSettings holds onto ExternalTexture, which calls back into RenderEngine to clean up texture objects, so this was causing a UAF issue.
Bug: 372063484
Test: VtsHalGraphicsComposer3_TargetTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:92a3161ed6a89858f95e03ce981ce7a4ed19b396)
Merged-In: Iad39e1a4aa9a9488af54742df121a981756b6275
Change-Id: Iad39e1a4aa9a9488af54742df121a981756b6275
---
 graphics/composer/aidl/vts/RenderEngineVts.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/graphics/composer/aidl/vts/RenderEngineVts.h b/graphics/composer/aidl/vts/RenderEngineVts.h
index bbe508f620..6553720e5d 100644
--- a/graphics/composer/aidl/vts/RenderEngineVts.h
+++ b/graphics/composer/aidl/vts/RenderEngineVts.h
@@ -51,9 +51,10 @@ class TestRenderEngine {
 private:
 common::PixelFormat mFormat;
- std::vector<::android::renderengine::LayerSettings> mCompositionLayers;
 std::unique_ptr<::android::renderengine::RenderEngine> mRenderEngine;
- std::vector<::android::renderengine::LayerSettings> mRenderLayers;
+ // Delete RenderEngine layers before RenderEngine -- ExternalTexture holds a reference to
+ // RenderEngine.
+ std::vector<::android::renderengine::LayerSettings> mCompositionLayers;
 ::android::sp<::android::GraphicBuffer> mGraphicBuffer;
 DisplaySettings mDisplaySettings;
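Review bot: The fix depends on C++ destroying members in reverse declaration order, but the comment added above `mCompositionLayers` does not say that the declaration position is what prevents the use-after-free, so a later tidy-up of the private section could silently reintroduce it. I would word it as `// Must stay declared after mRenderEngine: members are destroyed in reverse declaration order, and each LayerSettings' ExternalTexture calls back into RenderEngine when it is released.` If the class has or gains a destructor (the class body lies outside this hunk), a `mCompositionLayers.clear();` there would make the ordering explicit rather than positional. The hunk also drops `mRenderLayers`, which the description does not mention; presumably it was unused, but it is worth confirming that nothing outside the hunk still refers to it.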