From 1684c3f930b2a27884037bc38856477b80cddd50 Mon Sep 17 00:00:00 2001 From: Laurent Pinchart Date: Mon, 28 Jun 2021 09:41:27 +0300 Subject: android: camera_device: Fix null pointer dereference Commit 7532caa2c77b ("android: camera_device: Reset config_ if Camera::configure() fails") reworked the configuration sequence to ensure that the CameraConfiguration pointers gets reset when configuration fails. This inadvertently causes a null pointer dereference, as the CameraStream constructor accesses the camera configuration through CameraDevice::cameraConfiguration() before the internal config_ pointer is set. Fix this by passing the configuration pointer explicitly to the CameraStream constructor. Fixes: 7532caa2c77b ("android: camera_device: Reset config_ if Camera::configure() fails") Signed-off-by: Laurent Pinchart Reviewed-by: Paul Elder Tested-by: Paul Elder Reviewed-by: Umang Jain Tested-by: Umang Jain Reviewed-by: Hirokazu Honda --- src/android/camera_device.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/android/camera_device.cpp') diff --git a/src/android/camera_device.cpp b/src/android/camera_device.cpp index 13ee5fab..678cde23 100644 --- a/src/android/camera_device.cpp +++ b/src/android/camera_device.cpp @@ -682,8 +682,8 @@ int CameraDevice::configureStreams(camera3_stream_configuration_t *stream_list) config->addConfiguration(streamConfig.config); for (auto &stream : streamConfig.streams) { - streams_.emplace_back(this, stream.type, stream.stream, - config->size() - 1); + streams_.emplace_back(this, config.get(), stream.type, + stream.stream, config->size() - 1); stream.stream->priv = static_cast(&streams_.back()); } } -- cgit v1.2.1