My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 354: libc segmentation fault driven by surfaceflinger on zoom2
1 person starred this issue and may be notified of changes. Back to list
Status:  Incomplete
Owner:  ----
Closed:  Dec 2009


Sign in to add a comment
 
Reported by ajay.spikii, Dec 9, 2009
Affected Version : donut
Environment      : zoom2

What steps will reproduce the problem?
1. Open the camera
2. Close the camera
3. Repeat the above steps for 20 - 25 times very fast.
4. zoom2 re-starts itself or the overlay becomes unavailable since the
destroyoverlay() function is not called because of the lock problem in
LayerBuffer.cpp file

What is the expected output? What do you see instead?
No segmentation fault should be observed and things should work fine

Please provide any additional information below.
Analysis:
In LayerBuffer.cpp file, serverdestroy() and the ~OverlaySource() are
called when this happens.
Found a bug in that case, where the Overlay destroy is called twice because
of a small bug in LayerBuffer.cpp
Fixed the bug by adding mOverlay = 0;
LayerBuffer::OverlaySource::~OverlaySource()
{
    if (mOverlay && mOverlayDevice) {
        overlay_control_device_t* overlay_dev = mOverlayDevice;
        overlay_dev->destroyOverlay(overlay_dev, mOverlay);
        mOverlay = 0;
    }
}

But still the issue happens.
When the serverdestroy() function is called, it gets locked in the
clearSource() function and never comes out. Overlay is not destroyed and
next instance of camera doesnot open.

1. Either libc crash happens
2. Or the overlay is not destroyed from the SurfaceFlinger.

crash_dump
2.5 KB   View   Download
function_info
1.9 KB   View   Download
Dec 9, 2009
#1 sop@google.com
Wrong project.

Please report this to android itself:

https://code.google.com/p/android/
Status: Incomplete
Sign in to add a comment

Powered by Google Project Hosting