AImageReader: avoid edit during traversing
Test: HWAsan build + CTS NativeImageReaderTest
Bug: 119839845
Change-Id: Ic22dba944e233fc55b5fe35004148867348f951a
diff --git a/media/ndk/NdkImageReader.cpp b/media/ndk/NdkImageReader.cpp
index b86ab42..1a0c3b1 100644
--- a/media/ndk/NdkImageReader.cpp
+++ b/media/ndk/NdkImageReader.cpp
@@ -357,8 +357,10 @@
it != mAcquiredImages.end(); it++) {
AImage* image = *it;
Mutex::Autolock _l(image->mLock);
- releaseImageLocked(image, /*releaseFenceFd*/-1);
+ // Do not alter mAcquiredImages while we are iterating on it
+ releaseImageLocked(image, /*releaseFenceFd*/-1, /*clearCache*/false);
}
+ mAcquiredImages.clear();
// Delete Buffer Items
for (auto it = mBuffers.begin();
@@ -497,7 +499,7 @@
}
void
-AImageReader::releaseImageLocked(AImage* image, int releaseFenceFd) {
+AImageReader::releaseImageLocked(AImage* image, int releaseFenceFd, bool clearCache) {
BufferItem* buffer = image->mBuffer;
if (buffer == nullptr) {
// This should not happen, but is not fatal
@@ -521,6 +523,10 @@
image->mLockedBuffer = nullptr;
image->mIsClosed = true;
+ if (!clearCache) {
+ return;
+ }
+
bool found = false;
// cleanup acquired image list
for (auto it = mAcquiredImages.begin();
diff --git a/media/ndk/NdkImageReaderPriv.h b/media/ndk/NdkImageReaderPriv.h
index 78152d2..e328cb1 100644
--- a/media/ndk/NdkImageReaderPriv.h
+++ b/media/ndk/NdkImageReaderPriv.h
@@ -88,7 +88,7 @@
media_status_t acquireImageLocked(/*out*/AImage** image, /*out*/int* fenceFd);
// Called by AImage/~AImageReader to close image. Caller is responsible to grab AImage::mLock
- void releaseImageLocked(AImage* image, int releaseFenceFd);
+ void releaseImageLocked(AImage* image, int releaseFenceFd, bool clearCache = true);
static int getBufferWidth(BufferItem* buffer);
static int getBufferHeight(BufferItem* buffer);