[libcamera-devel] [PATCH 13/15] v4l2: v4l2_camera: Clear pending requests on freeBuffers

Paul Elder paul.elder at ideasonboard.com
Thu Jun 18 11:20:26 CEST 2020


On Wed, Jun 17, 2020 at 05:40:54PM +0200, Jacopo Mondi wrote:
> Hi Paul,
> 
> On Tue, Jun 16, 2020 at 10:12:42PM +0900, Paul Elder wrote:
> > V4L2 allows buffer queueing before streamon while libcamera does not.
> > The compatibility layer thus saves these buffers in a pending queue
> > until streamon, and then automatically queues them. However, this
> > pending queue is not cleared when the buffers a freed, so if buffers are
> 
> s/a freed/are freed.
> 
> > queued, the stream is not started, buffers are freed, more buffers are
> > queued, and the stream is finally started, then the first set of buffers
> > will be used-after-free. Fix this by clearing the pending request queue
> > upon the buffers being freed.
> >
> > Signed-off-by: Paul Elder <paul.elder at ideasonboard.com>
> 
> Should this happen at streamoff time as well ?

Oh you're right yeah, it should.

> Got a bit lost :)

I'll try to clarify it.

> Otherwise
> Reviewed-by: Jacopo Mondi <jacopo at jmondi.org>
> 


Thanks,

Paul
> > ---
> >  src/v4l2/v4l2_camera.cpp | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/src/v4l2/v4l2_camera.cpp b/src/v4l2/v4l2_camera.cpp
> > index f0ec54b..bae270a 100644
> > --- a/src/v4l2/v4l2_camera.cpp
> > +++ b/src/v4l2/v4l2_camera.cpp
> > @@ -155,6 +155,7 @@ void V4L2Camera::freeBuffers()
> >  	Stream *stream = *camera_->streams().begin();
> >
> >  	bufferAllocator_->free(stream);
> > +	pendingRequests_.clear();
> >  }
> >
> >  FileDescriptor V4L2Camera::getBufferFd(unsigned int index)
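Review bot: In freeBuffers(), `pendingRequests_.clear()` runs after `bufferAllocator_->free(stream)`, so for the duration of the free call the pending queue still holds requests that refer to buffers being released. Consider moving the clear above the free so the queue never references freed buffers, and add a one-line comment saying that requests queued before streamon are dropped here because their buffers are going away. The same queue is not touched on the streamoff path in this hunk; as noted in the thread, it should be cleared there as well.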
> > --
> > 2.27.0
> >