From 96a5c699700492750183c925339a69da7e2c2326 Mon Sep 17 00:00:00 2001
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Date: Sun, 7 Aug 2022 20:39:19 +0300
Subject: cam: kms_sink: Make lifetime management of DRM request safer

The drmRequest is KMSSink::processRequest() is created as a naked
pointer, passed to the constructor of the KMSSink::Request object that
stores it in a std::unique_ptr<>, and used later in the function. The
current implementation is safe, but could be prone to both memory leaks
and use-after-free bugs if modified. Improve it by replacing the naked
pointer with a std::unique_ptr<>.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Reviewed-by: Eric Curtin <ecurtin@redhat.com>
Tested-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
---
 src/cam/kms_sink.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/cam/kms_sink.h')

diff --git a/src/cam/kms_sink.h b/src/cam/kms_sink.h
index 4a0a872c..8f5f0866 100644
--- a/src/cam/kms_sink.h
+++ b/src/cam/kms_sink.h
@@ -38,8 +38,9 @@ private:
 	class Request
 	{
 	public:
-		Request(DRM::AtomicRequest *drmRequest, libcamera::Request *camRequest)
-			: drmRequest_(drmRequest), camRequest_(camRequest)
+		Request(std::unique_ptr<DRM::AtomicRequest> drmRequest,
+			libcamera::Request *camRequest)
+			: drmRequest_(std::move(drmRequest)), camRequest_(camRequest)
 		{
 		}
 
-- 
cgit v1.2.1