summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHirokazu Honda <hiroh@chromium.org>2021-09-01 03:37:39 +0900
committerKieran Bingham <kieran.bingham@ideasonboard.com>2021-10-12 15:25:35 +0100
commitd1007485e4eeaf1f1c800ff954537ea6fe5cdcea (patch)
tree9312bdacb209cff1f9ab6051843c65b320ca5229
parentfa7a95bf32c6a8ee87b67159d4238cbc8e6dc3a9 (diff)
android: camera_device: Fix crash in calling CameraDevice::close()
The problem is happening because we seem to add a CameraStream associated buffer (depending on the CameraStream::Type) to the Request, in CameraDevice::processCaptureRequest(). However, when the camera stops, all the current buffers are marked with FrameMetadata::FrameCancelled and proceed to completion. But the buffer associated with the CameraStream (that was previously added to the request) has now been cleared out with a part of streams_.clear(), even before the camera stop() has been invoked. Any access to those request buffers after they have been cleared, will result in a crash. Signed-off-by: Hirokazu Honda <hiroh@chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Reviewed-by: Umang Jain <umang.jain@ideasonboard.com> Reviewed-by: Jacopo Mondi <jacopo@jmondi.org> Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
-rw-r--r--src/android/camera_device.cpp3
1 files changed, 1 insertions, 2 deletions
diff --git a/src/android/camera_device.cpp b/src/android/camera_device.cpp
index ef4fbab8..90186710 100644
--- a/src/android/camera_device.cpp
+++ b/src/android/camera_device.cpp
@@ -424,8 +424,6 @@ int CameraDevice::open(const hw_module_t *hardwareModule)
void CameraDevice::close()
{
- streams_.clear();
-
stop();
camera_->release();
@@ -458,6 +456,7 @@ void CameraDevice::stop()
camera_->stop();
descriptors_ = {};
+ streams_.clear();
state_ = State::Stopped;
}