From 00a1e1337f22376909338a5319a378b2e2afdde8 Mon Sep 17 00:00:00 2001 From: Jaroslav Beran Date: Wed, 20 Sep 2017 15:14:54 +0200 Subject: [PATCH] libavdevice/v4l2: fix invalid access to struct v4l2_buffer In case we are short of queued buffers, at first v4l2_buffer was enqueued to kernel so it's not owned by user-space anymore. After that it's timestamp field was read, but it might be overwritten by driver at that moment. It resulted in invalid timestamp sometimes. Signed-off-by: Michael Niedermayer --- libavdevice/v4l2.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavdevice/v4l2.c b/libavdevice/v4l2.c index 17451cdb60..f087badf5c 100644 --- a/libavdevice/v4l2.c +++ b/libavdevice/v4l2.c @@ -492,6 +492,7 @@ static int mmap_read_frame(AVFormatContext *ctx, AVPacket *pkt) .type = V4L2_BUF_TYPE_VIDEO_CAPTURE, .memory = V4L2_MEMORY_MMAP }; + struct timeval buf_ts; int res; pkt->size = 0; @@ -508,6 +509,8 @@ static int mmap_read_frame(AVFormatContext *ctx, AVPacket *pkt) return res; } + buf_ts = buf.timestamp; + if (buf.index >= s->buffers) { av_log(ctx, AV_LOG_ERROR, "Invalid buffer index received.\n"); return AVERROR(EINVAL); @@ -583,7 +586,7 @@ static int mmap_read_frame(AVFormatContext *ctx, AVPacket *pkt) return AVERROR(ENOMEM); } } - pkt->pts = buf.timestamp.tv_sec * INT64_C(1000000) + buf.timestamp.tv_usec; + pkt->pts = buf_ts.tv_sec * INT64_C(1000000) + buf_ts.tv_usec; convert_timestamp(ctx, &pkt->pts); return pkt->size;