From 1684c3f930b2a27884037bc38856477b80cddd50 Mon Sep 17 00:00:00 2001
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Date: Mon, 28 Jun 2021 09:41:27 +0300
Subject: android: camera_device: Fix null pointer dereference

Commit 7532caa2c77b ("android: camera_device: Reset config_ if
Camera::configure() fails") reworked the configuration sequence to
ensure that the CameraConfiguration pointers gets reset when
configuration fails. This inadvertently causes a null pointer
dereference, as the CameraStream constructor accesses the camera
configuration through CameraDevice::cameraConfiguration() before the
internal config_ pointer is set.

Fix this by passing the configuration pointer explicitly to the
CameraStream constructor.

Fixes: 7532caa2c77b ("android: camera_device: Reset config_ if Camera::configure() fails")
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Paul Elder <paul.elder@ideasonboard.com>
Tested-by: Paul Elder <paul.elder@ideasonboard.com>
Reviewed-by: Umang Jain <umang.jain@ideasonboard.com>
Tested-by: Umang Jain <umang.jain@ideasonboard.com>
Reviewed-by: Hirokazu Honda <hiroh@chromium.org>
---
 src/android/camera_stream.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/android/camera_stream.cpp')

diff --git a/src/android/camera_stream.cpp b/src/android/camera_stream.cpp
index b2f03b50..bf4a7b41 100644
--- a/src/android/camera_stream.cpp
+++ b/src/android/camera_stream.cpp
@@ -39,10 +39,10 @@ LOG_DECLARE_CATEGORY(HAL)
  * and buffer allocation.
  */
 
-CameraStream::CameraStream(CameraDevice *const cameraDevice, Type type,
+CameraStream::CameraStream(CameraDevice *const cameraDevice,
+			   CameraConfiguration *config, Type type,
 			   camera3_stream_t *camera3Stream, unsigned int index)
-	: cameraDevice_(cameraDevice),
-	  config_(cameraDevice->cameraConfiguration()), type_(type),
+	: cameraDevice_(cameraDevice), config_(config), type_(type),
 	  camera3Stream_(camera3Stream), index_(index)
 {
 	if (type_ == Type::Internal || type_ == Type::Mapped) {
-- 
cgit v1.2.1