dept2 / qtmultimedia-gphoto

Qt 5 Multimedia framework gphoto2 camera plugin
25 stars 11 forks source link

Crash in waitForOperationCompleted due to #6 fixes #8

Closed hcw70 closed 4 years ago

hcw70 commented 4 years ago

6 was fixed incorrectly:

void GPhotoCameraWorker::waitForOperationCompleted()
{
    CameraEventType type;
    void *data;
    int ret;

    do {
        ret = gp_camera_wait_for_event(m_camera, 10, &type, &data, m_context);
        free(data);
    } while ((ret == GP_OK) && (type != GP_EVENT_TIMEOUT));
}

See https://github.com/gphoto/libgphoto2/blob/master/libgphoto2/gphoto2-camera.c for base function and https://github.com/gphoto/libgphoto2/blob/master/camlibs/canon/usb.c canon_usb_wait_for_event() for an implementation:

int
canon_usb_wait_for_event (Camera *camera, int timeout,
        CameraEventType *eventtype, void **eventdata,
        GPContext *context)
{
...
    if (!camera->pl->directory_state)
        status = canon_usb_list_all_dirs ( camera, &camera->pl->directory_state, &directory_state_len, context );
    if (status < GP_OK) {
        GP_DEBUG ("canon_usb_wait_for_event: status %d", status);
        return status;
    }

    *eventtype = GP_EVENT_TIMEOUT;
    *eventdata = NULL;
....
    }
}

As can be seen, there is an exit path which does not set your data to nullptr

cyberbobs commented 4 years ago

Merged, thank you for your contribution!