[pjmedia][bug, fix] pjmedia_vid_dev_refresh

Hi All,

Bug description:

If you use pjmedia_vid_dev_refresh(), it will cause memory corruption in
function v4l2_scan_devs:

    In these lines we release the pool, because it was allocated after
    pjmedia_vid_subsys_init():

    if (f->dev_pool) {
        pj_pool_release(f->dev_pool);
        f->dev_pool = NULL;
    }

    ....

    But if the count didn't change, f->dev_info == NULL will not be true:

    if (f->dev_count > old_count || f->dev_info == NULL) {
        f->dev_info = (vid4lin_dev_info*)
                      pj_pool_calloc(f->dev_pool,
                                     f->dev_count,
                                     sizeof(vid4lin_dev_info));
    }

    And here we have corrupted memory:

    pj_memcpy(f->dev_info, vdi, f->dev_count * sizeof(vid4lin_dev_info));


Bug fix:

    if (f->dev_pool) {
        pj_pool_release(f->dev_pool);
        f->dev_pool = NULL;
        f->dev_info = NULL;
    }


Best Regards,
R. Savchenko.
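
Added example, not part of the original post or the PJSIP source: a self-contained C model of the stale-pointer pattern reported above, with the one-line fix switchable so both outcomes can be compared. The names `factory_t`, `dev_info_t`, `scan_devs`, `pool_gen` and `info_gen` are hypothetical, plain `calloc`/`free` stand in for the pjlib pool, and the model assumes the pool is re-created in the part of the function the post elides with "....".

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the PJMEDIA types; not the project's code. */
typedef struct { char name[32]; } dev_info_t;
typedef struct {
    void       *dev_pool;  /* models pj_pool_t: one backing allocation */
    dev_info_t *dev_info;  /* array carved out of dev_pool */
    unsigned    dev_count;
    unsigned    pool_gen;  /* bumped each time the pool is re-created */
    unsigned    info_gen;  /* pool generation dev_info was taken from */
} factory_t;

/* Models the refresh path. Returns 0 if dev_info is backed by the live pool
 * and the copy was done, -1 if dev_info still points into the released pool
 * (the copy is skipped here; the code in the post would memcpy into it). */
int scan_devs(factory_t *f, const dev_info_t *vdi, unsigned count, int apply_fix)
{
    unsigned old_count = f->dev_count;
    if (f->dev_pool) {
        free(f->dev_pool);              /* models pj_pool_release() */
        f->dev_pool = NULL;
        if (apply_fix)
            f->dev_info = NULL;         /* the one-line fix from the post */
    }
    /* Assumption: the pool is re-created in the elided part of the function. */
    f->dev_pool = calloc(count ? count : 1, sizeof(dev_info_t));
    if (!f->dev_pool) return -2;
    f->pool_gen++;
    f->dev_count = count;
    if (f->dev_count > old_count || f->dev_info == NULL) {
        f->dev_info = (dev_info_t *)f->dev_pool;
        f->info_gen = f->pool_gen;
    }
    if (f->info_gen != f->pool_gen)
        return -1;                      /* stale pointer detected */
    memcpy(f->dev_info, vdi, f->dev_count * sizeof(dev_info_t));
    return 0;
}

int main(void)
{
    dev_info_t vdi[2] = { { "cam0" }, { "cam1" } };  /* constructed sample */
    factory_t buggy = {0}, fixed = {0};
    scan_devs(&buggy, vdi, 2, 0);  scan_devs(&fixed, vdi, 2, 1);
    printf("refresh without fix: %d\n", scan_devs(&buggy, vdi, 2, 0));
    printf("refresh with fix:    %d\n", scan_devs(&fixed, vdi, 2, 1));
    return 0;
}
```

The same stale-pointer result appears in the model when the device count shrinks between scans, since `dev_count > old_count` is false in that case as well.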