fixup! libs: hwui: Fix a race condition and null pointer dereference

* this fixup is based from reported backtrace from crdroid (i have no copy of updated backtrace)

pid: 2564, tid: 2618, name: RenderThread  >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
Cause: null pointer dereference
    x0  b40000736242a1e0  x1  0000000000000000  x2  00000073845059b0  x3  0000000000000001
    x4  0000007384504fd0  x5  b4000074120a0244  x6  00000000134813e0  x7  0000000000000010
    x8  0000000000000000  x9  0000000000000000  x10 0000000000000000  x11 b400007443b7cfcc
    x12 000000000000015e  x13 0000000000000000  x14 00000074c626d330  x15 0000000000000000
    x16 00000074d6b35060  x17 00000074e3eea600  x18 00000073841be000  x19 b40000736242a1e0
    x20 b40000741219e640  x21 b4000074131080d0  x22 0000007384506000  x23 00000000ffffffff
    x24 b400007443cf0008  x25 7ffffffffffffff8  x26 1fffffffffffffff  x27 00000000ffffffff
    x28 b4000074061b0da8  x29 0000007384505790
    lr  00000074c6469778  sp  0000007384505790  pc  00000074c6467da8  pst 0000000000001000

backtrace:
      #00 pc 0000000000251da8  /system/lib64/libhwui.so (android::uirenderer::BaseRenderNodeAnimator::pushStaging(android::uirenderer::AnimationContext&)+232) (BuildId: 79dc23449e3f71e7647d99fc4984c53f)
      Colt-Enigma#1 pc 0000000000253774  /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+596) (BuildId: 79dc23449e3f71e7647d99fc4984c53f)
      Colt-Enigma#2 pc 000000000025132c  /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: 79dc23449e3f71e7647d99fc4984c53f)
      Colt-Enigma#3 pc 00000000002676c4  /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: 79dc23449e3f71e7647d99fc4984c53f)
      Colt-Enigma#4 pc 0000000000292780  /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352) (BuildId: 79dc23449e3f71e7647d99fc4984c53f)
      Colt-Enigma#5 pc 0000000000293f00  /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareAndDraw(android::uirenderer::RenderNode*)+176) (BuildId: 79dc23449e3f71e7647d99fc4984c53f)
      Colt-Enigma#6 pc 00000000002a94dc  /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::RenderThread::frameCallback(long, long, long, long)::$_0, std::__1::allocator<android::uirenderer::renderthread::RenderThread::frameCallback(long, long, long, long)::$_0>, void ()>::operator()() (.cf82759fcc28f80417602914fe3f7adc)+172) (BuildId: 79dc23449e3f71e7647d99fc4984c53f)
      #07 pc 0000000000282d44  /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108) (BuildId: 79dc23449e3f71e7647d99fc4984c53f)
      #08 pc 00000000002a80fc  /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556) (BuildId: 79dc23449e3f71e7647d99fc4984c53f)
      #09 pc 0000000000013a14  /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436) (BuildId: 83f16edd6c377c8ae02f3810c8fdb2cc)
      #10 pc 00000000000ce7fc  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 5c2a466eab8a09587d6f96c2c9b8f088)
      #11 pc 0000000000055cd0  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 5c2a466eab8a09587d6f96c2c9b8f088)

* it seems like 104a9ac2879042e0129767779c086f7b223a6061 caused a breakage in synchronization across multiple invocations of pushStaging() without fixing the issue.
* this CL attempts to address the synchronization breakage (for race condition) while giving another try to resolve the null point dereference issue (just trying until someone better fixes it for real or until the qs crash bug count reduces to few numbers)
* this CL adds previously remove null checks from f263477f1908bbefdd81e3f1f0dbd16d1a123571 (just changed the null checks to nullptr, credits and thanks for the backtrace), while adding another set of null checks and logs checkpoint for debugging and finally tracing the root cause of this issue.

incase a pro decides to fix this issue for real:

here are captured logs while debugging with null handling checkpoints and stuffs i got

logs:
05-19 16:23:27.475  1780  1862 E OpenGLRenderer: PushStaging: Null animator or animation handle in mAnimators.push_back()
05-19 16:23:27.475  1780  1862 E OpenGLRenderer: PushStaging: Null animator or animation handle in mAnimators.push_back()

* null dereferencing
  - adding anim->target() != nullptr causes white screen when unlocking with pin

Change-Id: If0b014ebbfee7d4c00712a4d193f0ffbb3389012
Signed-off-by: minaripenguin <minaripenguin@users.noreply.github.com>

Author: minaripenguin

libs/hwui/AnimatorManager.cpp

@@ -75,34 +75,34 @@ void AnimatorManager::pushStaging() {
             return;
         }
 
-        // Prevent multiple threads from accessing the list
-        std::mutex mNewAnimatorsMutex;
-
         // Acquire the lock 
         std::lock_guard<std::mutex> lock(mNewAnimatorsMutex);
 
         // Only add new animators that are not already in the mAnimators list
         if (mNewAnimators.size()) {
             for (auto& anim : mNewAnimators) {
-            	// Safety check for null pointer
                 if (anim != nullptr && anim->target() != &mParent) {
                     mAnimators.push_back(std::move(anim));
                 }
             }
-            // Clear the list.
             mNewAnimators.clear(
         }
     }
 
-    if (mCancelAllAnimators) {
-        for (auto& animator : mAnimators) {
-                animator->forceEndNow(mAnimationHandle->context());
+    if (mAnimators.size()) {
+        if (mCancelAllAnimators) {
+            for (auto& animator : mAnimators) {
+                if (animator != nullptr && mAnimationHandle != nullptr) {
+                    animator->forceEndNow(mAnimationHandle->context());
+                }
+            }
+            mCancelAllAnimators = false;
+        } else {
+            for (auto& animator : mAnimators) {
+                if (animator != nullptr && mAnimationHandle != nullptr) {
+                    animator->pushStaging(mAnimationHandle->context());
+                }
             }
-        }
-        mCancelAllAnimators = false;
-    } else {
-        for (auto& animator : mAnimators) {
-                animator->pushStaging(mAnimationHandle->context());
             }
         }
     }

libs/hwui/AnimatorManager.h

@@ -19,6 +19,7 @@
 #include <cutils/compiler.h>
 #include <utils/StrongPointer.h>
 
+#include <mutex>
 #include <vector>
 
 #include "utils/Macros.h"
@@ -64,6 +65,8 @@ class AnimatorManager {
 
     bool hasAnimators() { return mAnimators.size(); }
 
+    std::mutex mNewAnimatorsMutex;
+
 private:
     uint32_t animateCommon(TreeInfo& info);