Forums - bug in libGLESv2_adreno/eglSubDriverAndroid

qualcomm2
Join Date: 26 Apr 16
Posts: 1
Posted: Wed, 2019-10-30 09:05

Don't know where to report a bug in the Android libGLESv2_adreno/eglSubDriverAndroid libraries, so maybe anyone here will be interested.

I found it while sanitizing my app.

In the libGLESv2_adreno/eglSubDriverAndroid library there is a nullptr dereference on some class that uses libutil/RefBase; the bug causes a dereference of nullptr of base class RefBase::weakref_type::mWeak when calling glClear with a valid EGL context.

It looks like there is some pointer with a weak reference that is called without checking if it is still valid, as it is a weak ref.

We have observed it for years on thousands of devices in fabric/crashlytics.

weakref_impl* const mRefs;

class RefBase::weakref_impl : public RefBase::weakref_type
{
public:
    std::atomic<int32_t>    mStrong;
    std::atomic<int32_t>    mWeak;   // <----------
    RefBase* const          mBase;
    std::atomic<int32_t>    mFlags;


void RefBase::incStrong(const void* id) const
{
    weakref_impl* const refs = mRefs;
    refs->incWeak(id);   // <-------------------

    refs->addStrongRef(id);

void RefBase::weakref_type::incWeak(const void* id)
{
    weakref_impl* const impl = static_cast<weakref_impl*>(this);
    impl->addWeakRef(id);
    const int32_t c __unused = impl->mWeak.fetch_add(1,
            std::memory_order_relaxed);   // <------------

 

The stack trace

#08 /system/lib64/libutils.so (android::RefBase::incStrong(void const*) const+4)
#09 /system/vendor/lib64/egl/eglSubDriverAndroid.so (EglAndroidWindowSurface::UpdateBufferList(ANativeWindowBuffer*)+284)
#10 /system/vendor/lib64/egl/eglSubDriverAndroid.so (EglAndroidWindowSurface::DequeueBuffer()+240)
#11 /system/vendor/lib64/egl/eglSubDriverAndroid.so (EglAndroidWindowSurface::GetBuffer(EglSubResource*, EglMemoryDesc*)+64)
#12 /system/vendor/lib64/egl/libGLESv2_adreno.so (EglWindowSurface::UpdateResource(EsxContext*)+116)
#13 /system/vendor/lib64/egl/libGLESv2_adreno.so (EglWindowSurface::GetResource(EsxContext*, EsxResource**, EsxResource**, int)+56)
#14 /system/vendor/lib64/egl/libGLESv2_adreno.so (EglSurface::UpdateAuxResource(EsxContext*, EglSurface::EglAuxResource, int, EsxResource**)+124)
#15 /system/vendor/lib64/egl/libGLESv2_adreno.so (EsxContext::AcquireBackBuffer(int)+516)
#16 /system/vendor/lib64/egl/libGLESv2_adreno.so (EsxContext::Clear(unsigned int, unsigned int, unsigned int, EsxClearValues*)+104)
#17 /system/vendor/lib64/egl/libGLESv2_adreno.so (EsxGlApiParamValidate::GlClear(EsxDispatch*, unsigned int)+236)
#18
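The missing validity check the post describes, shown as an added example that is not part of the original post and is not AOSP or Qualcomm code. `Refs`, `tryPromote` and `release` are hypothetical names in a simplified model of the strong/weak counters quoted above; the pattern is a checked promotion that refuses a null control block or an already-destroyed object instead of incrementing blindly.

```cpp
#include <atomic>
#include <cstdint>
#include <cstdio>

// Simplified stand-in for RefBase::weakref_impl (assumption: model only).
struct Refs {
    std::atomic<int32_t> mStrong{0};
    std::atomic<int32_t> mWeak{0};
};

// Checked promotion: take a strong reference only if the control block
// exists and the object is still alive (strong count > 0).
bool tryPromote(Refs* refs) {
    if (refs == nullptr) return false;   // validity check before any dereference
    int32_t cur = refs->mStrong.load(std::memory_order_relaxed);
    while (cur > 0) {
        // CAS so a count that already dropped to 0 is never raised again.
        if (refs->mStrong.compare_exchange_weak(cur, cur + 1,
                std::memory_order_acquire, std::memory_order_relaxed)) {
            refs->mWeak.fetch_add(1, std::memory_order_relaxed);
            return true;
        }
    }
    return false;                        // object already destroyed
}

// Drop a strong reference; returns true when this was the last one.
bool release(Refs* refs) {
    refs->mWeak.fetch_sub(1, std::memory_order_relaxed);
    return refs->mStrong.fetch_sub(1, std::memory_order_release) == 1;
}

int main() {
    Refs r;                              // constructed sample: one live owner
    r.mStrong = 1;
    r.mWeak = 1;
    std::printf("live object:   %d\n", tryPromote(&r));
    release(&r);
    release(&r);                         // last owner gone
    std::printf("dead object:   %d\n", tryPromote(&r));
    std::printf("null refs ptr: %d\n", tryPromote(nullptr));
    return 0;
}
```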
