Fix potential overflow issue of buffers array.

Change-Id: I4d32443eb936f5ed0f0706f9e8fe3d3ac5187624
Signed-off-by: Joonbum Ko <joonbum.ko@samsung.com>

diff --git a/src/tpl_wl_egl_thread.c b/src/tpl_wl_egl_thread.c
index 041f163..1f2a63e 100755 (executable)
--- a/src/tpl_wl_egl_thread.c
+++ b/src/tpl_wl_egl_thread.c
@@ -2215,6 +2215,28 @@ _wl_egl_buffer_create(tpl_wl_egl_surface_t *wl_egl_surface,
                        for (i = 0; i < BUFFER_ARRAY_SIZE; i++)
                                if (wl_egl_surface->buffers[i] == NULL) break;
 
+                       /* If this exception is reached,
+                        * it may be a critical memory leak problem. */
+                       if (i == BUFFER_ARRAY_SIZE) {
+                               tpl_wl_egl_buffer_t *evicted_buffer = NULL;
+                               int evicted_idx = 0; /* evict the frontmost buffer */
+
+                               evicted_buffer = wl_egl_surface->buffers[evicted_idx];
+
+                               TPL_WARN("wl_egl_surface(%p) buffers array is full. evict one.",
+                                                wl_egl_surface);
+                               TPL_WARN("evicted buffer (%p) tbm_surface(%p) status(%s)",
+                                                evicted_buffer, evicted_buffer->tbm_surface,
+                                                status_to_string[evicted_buffer->status]);
+
+                               /* [TODO] need to think about whether there will be
+                                * better modifications */
+                               wl_egl_surface->buffer_cnt--;
+                               wl_egl_surface->buffers[evicted_idx]      = NULL;
+
+                               i = evicted_idx;
+                       }
+
                        wl_egl_surface->buffer_cnt++;
                        wl_egl_surface->buffers[i]          = wl_egl_buffer;
                        wl_egl_buffer->idx                  = i;