From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: John Reck Date: Thu, 22 Apr 2021 16:55:09 -0400 Subject: [PATCH] Fix a potential thread safety issue in VectorDrawable Bug: 158839504 Bug: 185178568 Test: speculative Change-Id: Id9f229f08fe5897dda25441fbaa15c98f8130de9 (cherry picked from commit 32207ceb2fb408d06924b46919fc438477fddcf0) --- .../java/android/graphics/drawable/VectorDrawable.java | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/graphics/java/android/graphics/drawable/VectorDrawable.java b/graphics/java/android/graphics/drawable/VectorDrawable.java index d644beeb7d37..a182e5b8b71b 100644 --- a/graphics/java/android/graphics/drawable/VectorDrawable.java +++ b/graphics/java/android/graphics/drawable/VectorDrawable.java @@ -262,15 +262,19 @@ public class VectorDrawable extends Drawable { private final Rect mTmpBounds = new Rect(); public VectorDrawable() { - this(new VectorDrawableState(null), null); + this(null, null); } /** * The one constructor to rule them all. This is called by all public * constructors to set the state and initialize local properties. */ - private VectorDrawable(@NonNull VectorDrawableState state, @Nullable Resources res) { - mVectorState = state; + private VectorDrawable(@Nullable VectorDrawableState state, @Nullable Resources res) { + // As the mutable, not-thread-safe native instance is stored in VectorDrawableState, we + // need to always do a defensive copy even if mutate() isn't called. Otherwise + // draw() being called on 2 different VectorDrawable instances could still hit the same + // underlying native object. + mVectorState = new VectorDrawableState(state); updateLocalState(res); }