gphoto / libgphoto2

The libgphoto2 camera access and control library.
GNU Lesser General Public License v2.1

PTP free(): invalid pointer (gp_camera_set_single_config on read-only property) #167

Closed kadler15 closed 7 years ago

kadler15 commented 7 years ago

I'm working with the vcamera, and tried setting the imagesize config value to 320x240. E.g.:

CameraWidget *widget;
gp_camera_get_single_config(camPtr, "imagesize", &widget, context);
gp_widget_set_value(widget, "320x480");
gp_camera_set_single_config(camPtr, "imagesize", widget, context);
gp_widget_free(widget);

I sporadically get the following sort of crash:

*** Error in `/usr/local/bin/node': free(): invalid pointer: 0x0000000001e8ba38 ***

Program received signal SIGABRT, Aborted.
0x00007ffff6c1b067 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56  ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.

I was able to track the problem in GDB to a call to ptp_free_devicepropvalue in ptp2/config.c.

PTPPropertyValue    propval;
...
ptp_free_devicepropvalue (cursub->type, &propval);

There is no explicit call to memset (&propval,0,sizeof(propval)); before the attempt to free, and if the property is read-only, the putfunc call that would otherwise populate propval is skipped.

So, depending on what propval is initialized to, the attempt to free its resources will fail.

msmeissn commented 7 years ago

Well spotted. I moved the freeing of the device propvalue into the "success" branch and also initialized it to 0 as you suggested.
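The pattern discussed in this thread, as an added example that is not libgphoto2's code: a value that is zeroed on every path and freed only on the branch that populated it. The names `prop_value`, `free_prop_value`, `put_string` and `set_config` are hypothetical stand-ins, and the 0xA5 fill is a constructed substitute for leftover stack contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a PTP property value; the string member owns heap memory. */
typedef union { char *str; uint32_t u32; } prop_value;
enum { TYPE_U32, TYPE_STR };

static int frees_done; /* counts real free() calls so callers can observe them */

/* Release what the value owns. Safe only if *v was zeroed or populated. */
static void free_prop_value(int type, prop_value *v) {
    if (type == TYPE_STR && v->str) { free(v->str); v->str = NULL; frees_done++; }
}

/* Stand-in for a widget put function: converts the user's string into *v. */
static int put_string(const char *text, prop_value *v) {
    v->str = malloc(strlen(text) + 1);
    if (!v->str) return -1;
    strcpy(v->str, text);
    return 0;
}

/* Hardened set path: returns 0 on success, -1 if read-only or conversion fails. */
int set_config(int type, int readonly, const char *text) {
    prop_value v;
    memset(&v, 0, sizeof(v));            /* defined state on every path */
    if (readonly) return -1;             /* put function skipped: nothing to free */
    if (put_string(text, &v) != 0) return -1;
    /* ... the value would be sent to the device here ... */
    free_prop_value(type, &v);           /* free only on the branch that filled v */
    return 0;
}

/* Constructed stale stack bytes (0xA5): returns 1 if free() would see a non-NULL pointer. */
int stale_bytes_look_like_pointer(void) {
    prop_value v;
    uintptr_t bits;
    memset(&v, 0xA5, sizeof(v));
    memcpy(&bits, &v, sizeof(bits));
    return bits != 0;
}

int main(void) {
    int ro = set_config(TYPE_STR, 1, "320x240"), rw = set_config(TYPE_STR, 0, "320x240");
    printf("read-only rc=%d, writable rc=%d, frees=%d, stale non-NULL=%d\n", ro, rw, frees_done, stale_bytes_look_like_pointer());
    return 0;
}
```

Building a reproduction of the original crash with `-fsanitize=address` or running it under Valgrind makes the invalid free deterministic to detect instead of sporadic.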