[libcamera-devel] [PATCH] libcamera: Fix crash caused by reading uninitialised delayed controls
Naushir Patuck
naush at raspberrypi.com
Wed Sep 29 09:46:02 CEST 2021
Hi David,
Thank you for your patch.
On Tue, 28 Sept 2021 at 16:36, David Plowman <david.plowman at raspberrypi.com>
wrote:
> This fixes bug https://bugs.libcamera.org/show_bug.cgi?id=74.
>
> The cause is that we read out delayed values using a frame's sequence
> number (DelayedControls::get). But we fill the values up
> (DelayedControls::applyControls) incrementing writeCount by only one
> even if the sequence number has jumped by several since last
> time. This is exactly what happens when frames are being dropped.
>
> So the fix is to increment writeCount by "as much as the sequence
> number has jumped since last time", which means that we just follow
> the sequence number directly.
>
> Signed-off-by: David Plowman <david.plowman at raspberrypi.com>
>
Reviewed-by: Naushir Patuck <naush at raspberrypi.com>
Tested-by: Naushir Patuck <naush at raspberrypi.com>
> ---
> src/libcamera/delayed_controls.cpp | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/libcamera/delayed_controls.cpp
> b/src/libcamera/delayed_controls.cpp
> index 90ce7e0b..9667187e 100644
> --- a/src/libcamera/delayed_controls.cpp
> +++ b/src/libcamera/delayed_controls.cpp
> @@ -279,7 +279,7 @@ void DelayedControls::applyControls(uint32_t sequence)
> }
> }
>
> - writeCount_++;
> + writeCount_ = sequence - firstSequence_ + 1;
>
> while (writeCount_ > queueCount_) {
> LOG(DelayedControls, Debug)
> --
> 2.20.1
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libcamera.org/pipermail/libcamera-devel/attachments/20210929/b6436c94/attachment.htm>
More information about the libcamera-devel
mailing list