From b6a9d10508e321ebc53193a117bf6c65d98ae888 Mon Sep 17 00:00:00 2001
From: Emilian Peev <epeev@mm-sol.com>
Date: Wed, 10 Oct 2012 15:52:54 +0300
Subject: CameraHal: Avoid race condition during recording stop

- A race condition is possible when recording is stopped.
  'BaseCameraAdapter::stopVideoCapture()' is clearing
  'mVideoBuffersAvailable'. A delayed video frame from
  'AppCallbackNotifier' can return afterwards though and
  then try to query the already empty 'KeyedVector'. This
  will result in a segfault. Solution is to move the vector
  reset away from 'stopVideoCapture()' and in to
  'startVideoCapture()' where it is needed.

Bug: 7021214

Change-Id: Ic234189b49e35c990b3af70bd713a12cb762362c
Signed-off-by: Emilian Peev <epeev@mm-sol.com>
---
 camera/BaseCameraAdapter.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/camera/BaseCameraAdapter.cpp b/camera/BaseCameraAdapter.cpp
index bb7a5b8..123ab00 100644
--- a/camera/BaseCameraAdapter.cpp
+++ b/camera/BaseCameraAdapter.cpp
@@ -1421,6 +1421,8 @@ status_t BaseCameraAdapter::startVideoCapture()
     if ( NO_ERROR == ret )
         {
 
+        mVideoBuffersAvailable.clear();
+
         for ( unsigned int i = 0 ; i < mPreviewBuffersAvailable.size() ; i++ )
             {
             mVideoBuffersAvailable.add(mPreviewBuffersAvailable.keyAt(i), 0);
@@ -1456,8 +1458,6 @@ status_t BaseCameraAdapter::stopVideoCapture()
                 }
             }
 
-        mVideoBuffersAvailable.clear();
-
         mRecording = false;
         }
 
-- 
cgit v1.1