v4l2bufferpool: Ensure freshly created buffers are not marked as queued

Otherwise, if we run in to the copy case, this can cause these groups to stay around with queued flag set, but never actually queued, until gst_v4l2_allocator_flush() is called, which then erroneously frees the associated memories, causing the release function to decrement the allocator refcount where it was never incremented, resulting in early allocator disposal, and either deadlock or use after free. Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6552>
2024-05-02 08:38:55 +00:00 · 2024-04-05 17:30:01 +02:00 · 2024-04-05 17:30:01 +02:00 · 46a41667a3
parent f33ce4fe8b
commit 46a41667a3
1 changed files with 7 additions and 0 deletions
--- a/subprojects/gst-plugins-good/sys/v4l2/gstv4l2allocator.c
+++ b/subprojects/gst-plugins-good/sys/v4l2/gstv4l2allocator.c
@ -272,6 +272,13 @@ gst_v4l2_memory_group_new (GstV4l2Allocator * allocator, guint32 index)
    return NULL;
  }

+  if (IS_QUEUED (group->buffer)) {
+    GST_WARNING_OBJECT (allocator,
+        "Driver pretends buffer %d is queued even if freshly created, "
+        "this indicates a bug in the driver.", group->buffer.index);
+    UNSET_QUEUED (group->buffer);
+  }
+
  /* Check that provided size matches the format we have negotiation. Failing
   * there usually means a driver of libv4l bug. */
  if (V4L2_TYPE_IS_MULTIPLANAR (obj->type)) {