[libcamera-devel] [PATCH v3] android: camera_device: Fix crash in calling CameraDevice::close()
Jacopo Mondi
jacopo at jmondi.org
Mon Sep 6 15:27:07 CEST 2021
Hi Hiro,
On Wed, Sep 01, 2021 at 03:37:39AM +0900, Hirokazu Honda wrote:
> The problem is happening because we seem to add a CameraStream
> associated buffer(depending on the CameraStream::Type) to the Request,
> in CameraDevice::processCaptureRequest().
>
> However, when the camera stops, all the current buffers are marked with
> FrameMetadata::FrameCancelled and proceed to completion. But the buffer
> associated with the CameraStream (that was previously added to the
> request) has now been cleared out with a part of streams_.clear(), even
> before the camera stop() has been invoked. Any access to those request
> buffers after they have been cleared, shall result in a crash.
>
> Signed-off-by: Hirokazu Honda <hiroh at chromium.org>
I have re-tested today this patch, and piled some other on top.
I have fixed the commit message and collected tags, can I resend this
as part of a larger series ?
Thanks
j
> ---
> src/android/camera_device.cpp | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/android/camera_device.cpp b/src/android/camera_device.cpp
> index 8ca76719..fda77db4 100644
> --- a/src/android/camera_device.cpp
> +++ b/src/android/camera_device.cpp
> @@ -423,8 +423,6 @@ int CameraDevice::open(const hw_module_t *hardwareModule)
>
> void CameraDevice::close()
> {
> - streams_.clear();
> -
> stop();
>
> camera_->release();
> @@ -457,6 +455,8 @@ void CameraDevice::stop()
> camera_->stop();
>
> descriptors_.clear();
> + streams_.clear();
> +
> state_ = State::Stopped;
> }
>
> --
> 2.33.0.259.gc128427fd7-goog
>
More information about the libcamera-devel
mailing list