[libcamera-devel] [PATCH] pipeline: raspberrypi: Fix possible null dereference

[Naushir Patuck]

The freeBuffers() cleanup code calls into the IPA to unmap and free shared
buffers. However, this function could be called before the IPA has opened (via
registerCamera()), causing a segmentation fault. Fix this by guarding against
calling the IPA if it has not been opened.

Signed-off-by: Naushir Patuck <naush at raspberrypi.com>
---
 src/libcamera/pipeline/raspberrypi/raspberrypi.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/libcamera/pipeline/raspberrypi/raspberrypi.cpp b/src/libcamera/pipeline/raspberrypi/raspberrypi.cpp
index 2636acb758b7..26cd4e5f2b99 100644
--- a/src/libcamera/pipeline/raspberrypi/raspberrypi.cpp
+++ b/src/libcamera/pipeline/raspberrypi/raspberrypi.cpp
@@ -1484,10 +1484,12 @@ void PipelineHandlerRPi::mapBuffers(Camera *camera, const RPi::BufferMap &buffer
 
 void RPiCameraData::freeBuffers()
 {
-	/* Copy the buffer ids from the unordered_set to a vector to pass to the IPA. */
-	std::vector<unsigned int> ipaBuffers(ipaBuffers_.begin(), ipaBuffers_.end());
-	ipa_->unmapBuffers(ipaBuffers);
-	ipaBuffers_.clear();
+	if (ipa_) {
+		/* Copy the buffer ids from the unordered_set to a vector to pass to the IPA. */
+		std::vector<unsigned int> ipaBuffers(ipaBuffers_.begin(), ipaBuffers_.end());
+		ipa_->unmapBuffers(ipaBuffers);
+		ipaBuffers_.clear();
+	}
 
 	for (auto const stream : streams_)
 		stream->releaseBuffers();
-- 
2.34.1