[libcamera-devel] [PATCH] test: camera: buffer_import: clear video pointer

Kieran Bingham kieran.bingham at ideasonboard.com
Thu Jul 18 06:28:05 CEST 2019


The FrameSink::cleanup() call checks if video_ is set before cleaning up
and then deleting the object.

If the cleanup() call is called twice for any reason, this will
encounter a use-after-free as the video_ pointer is not cleared after
deletion.

Whilst cleanup() is not currently called twice consecutively, to prevent
errors in the future, make it explicit that the object has been deleted
by clearing the stale pointer.

Signed-off-by: Kieran Bingham <kieran.bingham at ideasonboard.com>
---
 test/camera/buffer_import.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/test/camera/buffer_import.cpp b/test/camera/buffer_import.cpp
index d6e4fd5bf6ad..400d02b350c1 100644
--- a/test/camera/buffer_import.cpp
+++ b/test/camera/buffer_import.cpp
@@ -109,7 +109,9 @@ public:
 			video_->streamOff();
 			video_->releaseBuffers();
 			video_->close();
+
 			delete video_;
+			video_ = nullptr;
 		}
 
 		if (media_)
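
Review bot: The reset is applied only to video_, while the "if (media_)" branch in the trailing context of this hunk is left untouched; if that branch also deletes media_ without clearing it, a second cleanup() call would still reach a stale pointer there. It is worth checking that branch and adding the matching "media_ = nullptr;" in the same patch. Holding both members in std::unique_ptr would remove the need for manual resets altogether. The added blank line before "delete video_;" is a whitespace-only change unrelated to the fix and could be dropped.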
-- 
2.20.1


