[libcamera-devel] [PATCH] test: camera: buffer_import: clear video pointer

Niklas Söderlund niklas.soderlund at ragnatech.se
Sat Jul 20 15:23:27 CEST 2019


Hi Kieran,

Thanks for your work.

On 2019-07-18 05:28:05 +0100, Kieran Bingham wrote:
> The FrameSink::cleanup() call checks if video_ is set before cleaning up
> and then deleting the object.
> 
> If the cleanup() call is called twice for any reason, this will
> encounter a use-after-free as the video_ pointer is not cleared after
> deletion.
> 
> Whilst cleanup() is not currently called twice consecutively, to prevent
> errors in the future, make it explicit that the object has been deleted
> by clearing the stale pointer.
> 
> Signed-off-by: Kieran Bingham <kieran.bingham at ideasonboard.com>

Reviewed-by: Niklas Söderlund <niklas.soderlund at ragnatech.se>

> ---
>  test/camera/buffer_import.cpp | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/test/camera/buffer_import.cpp b/test/camera/buffer_import.cpp
> index d6e4fd5bf6ad..400d02b350c1 100644
> --- a/test/camera/buffer_import.cpp
> +++ b/test/camera/buffer_import.cpp
> @@ -109,7 +109,9 @@ public:
>  			video_->streamOff();
>  			video_->releaseBuffers();
>  			video_->close();
> +
>  			delete video_;
> +			video_ = nullptr;
>  		}
>  
>  		if (media_)
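Review bot: The `video_ = nullptr;` added after `delete video_;` makes only the `video_` branch of cleanup() safe to re-enter; the `if (media_)` branch in the trailing context is not touched by this patch, and its body is not visible in this hunk. If that branch releases `media_` in the same manual way, it needs the same reset, otherwise a second cleanup() call still reaches a stale pointer there and the function is not idempotent as the commit message intends. Holding both members in std::unique_ptr and calling reset() would remove the manual delete-then-clear pair altogether. The blank line added before `delete video_;` is an unrelated whitespace change and could be dropped from the patch.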
> -- 
> 2.20.1
> 
> _______________________________________________
> libcamera-devel mailing list
> libcamera-devel at lists.libcamera.org
> https://lists.libcamera.org/listinfo/libcamera-devel

-- 
Regards,
Niklas Söderlund

