From 1a6b80e4a0fa7b2be8fa6c4a25a33f92ce66f563 Mon Sep 17 00:00:00 2001
From: Kieran Bingham <kieran.bingham@ideasonboard.com>
Date: Thu, 18 Jul 2019 04:07:30 +0100
Subject: test: camera: buffer_import: clear video pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The FrameSink::cleanup() call checks if video_ is set before cleaning up
and then deleting the object.

If the cleanup() call is called twice for any reason, this will
encounter a use-after-free as the video_ pointer is not cleared after
deletion.

Whilst cleanup() is not currently called twice consecutively, to prevent
errors in the future, make it explicit that the object has been deleted
by clearing the stale pointer.

Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
---
 test/camera/buffer_import.cpp | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'test')

diff --git a/test/camera/buffer_import.cpp b/test/camera/buffer_import.cpp
index d6e4fd5b..400d02b3 100644
--- a/test/camera/buffer_import.cpp
+++ b/test/camera/buffer_import.cpp
@@ -109,7 +109,9 @@ public:
 			video_->streamOff();
 			video_->releaseBuffers();
 			video_->close();
+
 			delete video_;
+			video_ = nullptr;
 		}
 
 		if (media_)
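Review bot: the stale-pointer fix covers only `video_`, while the `if (media_)` block that follows in the trailing context is guarded in the same way. If that block also deletes its object, a second cleanup() call would hit the same use-after-free the commit message describes, so it should get a matching `media_ = nullptr;` after the delete in this patch. Holding both members in std::unique_ptr and calling reset() would make the cleared state automatic and remove the need to remember the assignment. Minor style point: the blank line added before `delete video_;` is an unrelated whitespace change and could be dropped to keep the diff to the one functional line.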
-- 
cgit v1.2.1