From 8b70cf229a31f2d9efd5babd714d3e36d8605552 Mon Sep 17 00:00:00 2001
From: Joonbum Ko
Date: Thu, 1 Apr 2021 16:49:25 +0900
Subject: [PATCH] Fix potential overflow issue of buffers array.

Change-Id: I4d32443eb936f5ed0f0706f9e8fe3d3ac5187624
Signed-off-by: Joonbum Ko
---
 src/tpl_wl_egl_thread.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/tpl_wl_egl_thread.c b/src/tpl_wl_egl_thread.c
index 041f163..1f2a63e 100755
--- a/src/tpl_wl_egl_thread.c
+++ b/src/tpl_wl_egl_thread.c
@@ -2215,6 +2215,28 @@ _wl_egl_buffer_create(tpl_wl_egl_surface_t *wl_egl_surface,
 for (i = 0; i < BUFFER_ARRAY_SIZE; i++) if (wl_egl_surface->buffers[i] == NULL) break;
+ /* If this exception is reached,
+ * it may be a critical memory leak problem. */
+ if (i == BUFFER_ARRAY_SIZE) {
+ tpl_wl_egl_buffer_t *evicted_buffer = NULL;
+ int evicted_idx = 0; /* evict the frontmost buffer */
+
+ evicted_buffer = wl_egl_surface->buffers[evicted_idx];
+
+ TPL_WARN("wl_egl_surface(%p) buffers array is full. evict one.",
+ wl_egl_surface);
+ TPL_WARN("evicted buffer (%p) tbm_surface(%p) status(%s)",
+ evicted_buffer, evicted_buffer->tbm_surface,
+ status_to_string[evicted_buffer->status]);
+
+ /* [TODO] need to think about whether there will be
+ * better modifications */
+ wl_egl_surface->buffer_cnt--;
+ wl_egl_surface->buffers[evicted_idx] = NULL;
+
+ i = evicted_idx;
+ }
+
 wl_egl_surface->buffer_cnt++;
 wl_egl_surface->buffers[i] = wl_egl_buffer;
 wl_egl_buffer->idx = i;
-- 
2.7.4
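Review bot: The eviction branch clears `wl_egl_surface->buffers[evicted_idx]` but leaves `evicted_buffer->idx` unchanged, so the evicted buffer still claims the slot that the following lines hand to the new `wl_egl_buffer`. If the buffer's release path uses `idx` to clear its slot and decrement `buffer_cnt` (that code is outside this hunk), freeing the evicted buffer later would untrack the new buffer and drop the count a second time; resetting it in this branch, e.g. `evicted_buffer->idx = -1;` if -1 is the file's not-tracked value, would avoid that. The slot is also chosen without looking at `evicted_buffer->status`, which is only logged, so a buffer that is still in flight can lose its tracking entry and end up leaked or referenced after the surface forgets it; preferring a slot whose status shows it is idle would be safer. `status_to_string[evicted_buffer->status]` is indexed without a range check on a path the comment itself describes as a likely leak, so a bounds check before the lookup is worth adding. `_wl_egl_buffer_create` begins and ends outside the hunk, so whether the array is locked around this code could not be checked.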