summaryrefslogtreecommitdiff
path: root/src/android/camera_device.h
diff options
context:
space:
mode:
authorUmang Jain <umang.jain@ideasonboard.com>2021-08-19 19:40:48 +0530
committerUmang Jain <umang.jain@ideasonboard.com>2021-08-19 19:56:57 +0530
commit3558334561ed7712de088b496804ab3cbe1c8cd7 (patch)
tree372f0558e80461918316c5120f9daf79bc933f46 /src/android/camera_device.h
parentcdb70b5c4012e8bb87d4fe9008f466fab13ef062 (diff)
libcamera: ipc_pipe: Do not run memcpy with null arguments
IPCMessage::payload() converts the IPCMessage into an IPCUnixSocket payload. However, if IPCMessage is constructed with one of the following constructors - IPCMessage::IPCMessage(), IPCMessage::IPCMessage(uint32_t cmd) IPCMessage::IPCMessage(const Header &header) The data_ vector of IPCMessage is empty and uninitialised. In that case, IPCMessage::payload will try to memcpy() an empty data_ vector which can lead to invoking memcpy() with a nullptr parameter, which is then identified by the address sanity checker.. Add a non-empty data_ vector check to avoid it. The issue is noticed by running a test manually, testing the vimc IPA code paths in isolated mode. It is only noticed when the test is compiled with -Db_sanitize=address,undefined meson built-in option. ipc_pipe.cpp:110:8: runtime error: null pointer passed as argument 2, which is declared to never be null Signed-off-by: Umang Jain <umang.jain@ideasonboard.com> Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Reviewed-by: Paul Elder <paul.elder@ideasonboard.com> Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Diffstat (limited to 'src/android/camera_device.h')
0 files changed, 0 insertions, 0 deletions