v4l2: bufferpool: Ensure freshly created buffers are not marked as queued (!6552) · Merge requests · GStreamer / gstreamer

Philipp Zabel requested to merge pH5/gstreamer:v4l2bufferpool-new-buffers-not-queued into main Apr 06, 2024

Otherwise, if we run in to the gst_v4l2_buffer_pool_copy_buffer() case repeatedly, these groups can stay around with queued flag set, but never actually queued (and dequeued, which would clear the flag), until gst_v4l2_allocator_flush() is called when stopping.

There, the associated memories, still incorrectly marked as queued, are erroneously freed, causing the release function to decrement allocator refcount where it was never incremented. Thus, the allocator is disposed early, causing either deadlock or use after free.

This can happen with v4l2sink on a v4l2loopback device, which unconditionally sets the V4L2_BUF_FLAG_QUEUED flag in VIDIOC_QUERYBUF.

v4l2: bufferpool: Ensure freshly created buffers are not marked as queued

Merge request reports