surfaceflinger: fix a nullptr dereference
When the child layer latched a buffer but the fixed-size parent
layer never did (for reasons such as no buffer queued or buffer got
rejected), we could end up with p->mActiveBuffer being nullptr.
Bug: 62996512
Test: manual (I could never repro anyway)
Change-Id: Id7e4c7037633b8a37039baa6e8a306e55170b894
(cherry picked from commit 0a68b461d382304ae438fa8b52920fa75d178a1c)
(cherry picked from commit 2e00825332f1807316eca5b4b41527e3bbab841f)
diff --git a/services/surfaceflinger/Layer.cpp b/services/surfaceflinger/Layer.cpp
index 88a5bd4..2305206 100644
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -2682,7 +2682,7 @@
// for in the transform. We need to mirror this scaling in child surfaces
// or we will break the contract where WM can treat child surfaces as
// pixels in the parent surface.
- if (p->isFixedSize()) {
+ if (p->isFixedSize() && p->mActiveBuffer != nullptr) {
int bufferWidth;
int bufferHeight;
if ((p->mCurrentTransform & NATIVE_WINDOW_TRANSFORM_ROT_90) == 0) {