[libcamera-devel] [PATCH] test: camera: buffer_import: clear video pointer
Laurent Pinchart
laurent.pinchart at ideasonboard.com
Thu Jul 18 15:58:29 CEST 2019
Hi Kieran,
Thank you for the patch.
On Thu, Jul 18, 2019 at 05:28:05AM +0100, Kieran Bingham wrote:
> The FrameSink::cleanup() call checks if video_ is set before cleaning up
> and then deleting the object.
>
> If the cleanup() call is called twice for any reason, this will
> encounter a use-after-free as the video_ pointer is not cleared after
> deletion.
>
> Whilst cleanup() is not currently called twice consecutively, to prevent
> errors in the future, make it explicit that the object has been deleted
> by clearing the stale pointer.
>
> Signed-off-by: Kieran Bingham <kieran.bingham at ideasonboard.com>
It's test code so it doesn't matter much, but it doesn't hurt either, so
Reviewed-by: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
> ---
> test/camera/buffer_import.cpp | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/test/camera/buffer_import.cpp b/test/camera/buffer_import.cpp
> index d6e4fd5bf6ad..400d02b350c1 100644
> --- a/test/camera/buffer_import.cpp
> +++ b/test/camera/buffer_import.cpp
> @@ -109,7 +109,9 @@ public:
> video_->streamOff();
> video_->releaseBuffers();
> video_->close();
> +
> delete video_;
> + video_ = nullptr;
> }
>
> if (media_)
--
Regards,
Laurent Pinchart
More information about the libcamera-devel
mailing list