[libcamera-devel] [PATCH] lc-compliance: Cache buffers size before destroy

[Kieran Bingham]

The buffers.size is referenced after calling stop which destroys buffers.

This causes a use-after-free.
Cache the size so we can return the value appropriately in the
test results.

Signed-off-by: Kieran Bingham <kieran.bingham at ideasonboard.com>
---
 src/lc-compliance/simple_capture.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/lc-compliance/simple_capture.cpp b/src/lc-compliance/simple_capture.cpp
index cfcad79ad655..88fb6a8187cc 100644
--- a/src/lc-compliance/simple_capture.cpp
+++ b/src/lc-compliance/simple_capture.cpp
@@ -80,8 +80,12 @@ Results::Result SimpleCaptureBalanced::capture(unsigned int numRequests)
 
 	/* No point in testing less requests then the camera depth. */
 	if (buffers.size() > numRequests) {
+		/* Cache buffers.size() before we destroy it in stop() */
+		int buffers_size = buffers.size();
 		stop();
-		return { Results::Skip, "Camera needs " + std::to_string(buffers.size()) + " requests, can't test only " + std::to_string(numRequests) };
+
+		return { Results::Skip, "Camera needs " + std::to_string(buffers_size)
+			+ " requests, can't test only " + std::to_string(numRequests) };
 	}
 
 	queueCount_ = 0;
-- 
2.25.1