{"id":4057,"url":"https://patchwork.libcamera.org/api/1.1/patches/4057/?format=json","web_url":"https://patchwork.libcamera.org/patch/4057/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/1.1/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20200616131244.70308-14-paul.elder@ideasonboard.com>","date":"2020-06-16T13:12:42","name":"[libcamera-devel,13/15] v4l2: v4l2_camera: Clear pending requests on freeBuffers","commit_ref":null,"pull_url":null,"state":"superseded","archived":false,"hash":"5fda149dc31c5af91b554a42c5c5bfdd844ecf5e","submitter":{"id":17,"url":"https://patchwork.libcamera.org/api/1.1/people/17/?format=json","name":"Paul Elder","email":"paul.elder@ideasonboard.com"},"delegate":null,"mbox":"https://patchwork.libcamera.org/patch/4057/mbox/","series":[{"id":1006,"url":"https://patchwork.libcamera.org/api/1.1/series/1006/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=1006","date":"2020-06-16T13:12:29","name":"Support v4l2-compliance","version":1,"mbox":"https://patchwork.libcamera.org/series/1006/mbox/"}],"comments":"https://patchwork.libcamera.org/api/patches/4057/comments/","check":"pending","checks":"https://patchwork.libcamera.org/api/patches/4057/checks/","tags":{},"headers":{"Return-Path":"<paul.elder@ideasonboard.com>","Received":["from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id F41FC61F24\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tTue, 16 Jun 2020 15:13:24 +0200 (CEST)","from jade.flets-east.jp (unknown\n\t[IPv6:2400:4051:61:600:2807:bdfa:f6a:8e53])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 8050EF9;\n\tTue, 16 Jun 2020 15:13:23 +0200 (CEST)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key; \n\tunprotected) header.d=ideasonboard.com\n\theader.i=@ideasonboard.com\n\theader.b=\"dIbT/Wzb\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1592313204;\n\tbh=DPvSHDRp8TzqSJUTVCDUJSUfdzWl+oRyQNMNklCfEh8=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=dIbT/WzbkuKXgmpmMQAhb8N3WopapxMlyKuvwUq7sPS1LSGpwPb51S6wM2mW4eyDb\n\tomI6guhgXzErycxFuUEHnYd8uDK81U2GjUcVt9Y3JhbosfbBf1FJ5YT+D86KhUpO7Z\n\tMGbQrETCiOgaDiSgeW4qOHnfIAlOwwXRjPe29WoA=","From":"Paul Elder <paul.elder@ideasonboard.com>","To":"libcamera-devel@lists.libcamera.org","Date":"Tue, 16 Jun 2020 22:12:42 +0900","Message-Id":"<20200616131244.70308-14-paul.elder@ideasonboard.com>","X-Mailer":"git-send-email 2.27.0","In-Reply-To":"<20200616131244.70308-1-paul.elder@ideasonboard.com>","References":"<20200616131244.70308-1-paul.elder@ideasonboard.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Subject":"[libcamera-devel] [PATCH 13/15] v4l2: v4l2_camera: Clear pending\n\trequests on freeBuffers","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","X-List-Received-Date":"Tue, 16 Jun 2020 13:13:25 -0000"},"content":"V4L2 allows buffer queueing before streamon while libcamera does not.\nThe compatibility layer thus saves these buffers in a pending queue\nuntil streamon, and then automatically queues them. However, this\npending queue is not cleared when the buffers a freed, so if buffers are\nqueued, the stream is not started, buffers are freed, more buffers are\nqueued, and the stream is finally started, then the first set of buffers\nwill be used-after-free. Fix this by clearing the pending quest queue\nupon the buffers being freed.\n\nSigned-off-by: Paul Elder <paul.elder@ideasonboard.com>\n---\n src/v4l2/v4l2_camera.cpp | 1 +\n 1 file changed, 1 insertion(+)","diff":"diff --git a/src/v4l2/v4l2_camera.cpp b/src/v4l2/v4l2_camera.cpp\nindex f0ec54b..bae270a 100644\n--- a/src/v4l2/v4l2_camera.cpp\n+++ b/src/v4l2/v4l2_camera.cpp\n@@ -155,6 +155,7 @@ void V4L2Camera::freeBuffers()\n \tStream *stream = *camera_->streams().begin();\n \n \tbufferAllocator_->free(stream);\n+\tpendingRequests_.clear();\n }\n \n FileDescriptor V4L2Camera::getBufferFd(unsigned int index)\n","prefixes":["libcamera-devel","13/15"]}