[libcamera-devel] [PATCH] lc-compliance: Cache buffers size before destroy
Kieran Bingham
kieran.bingham at ideasonboard.com
Mon Mar 8 18:10:01 CET 2021
The buffers.size is referenced after calling stop which destroys buffers.
This causes a use-after-free.
Cache the size so we can return the value appropriately in the
test results.
Signed-off-by: Kieran Bingham <kieran.bingham at ideasonboard.com>
---
src/lc-compliance/simple_capture.cpp | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/lc-compliance/simple_capture.cpp b/src/lc-compliance/simple_capture.cpp
index cfcad79ad655..88fb6a8187cc 100644
--- a/src/lc-compliance/simple_capture.cpp
+++ b/src/lc-compliance/simple_capture.cpp
@@ -80,8 +80,12 @@ Results::Result SimpleCaptureBalanced::capture(unsigned int numRequests)
/* No point in testing less requests then the camera depth. */
if (buffers.size() > numRequests) {
+ /* Cache buffers.size() before we destroy it in stop() */
+ int buffers_size = buffers.size();
stop();
- return { Results::Skip, "Camera needs " + std::to_string(buffers.size()) + " requests, can't test only " + std::to_string(numRequests) };
+
+ return { Results::Skip, "Camera needs " + std::to_string(buffers_size)
+ + " requests, can't test only " + std::to_string(numRequests) };
}
queueCount_ = 0;
--
2.25.1
More information about the libcamera-devel
mailing list