v4l2: Fix use after free of fmtdesc part 2

Add missing code in merge commit e890e6e8d8bd
("v4l2: Fix use after free of fmtdesc"). The v4l2object code was
missing.

Related to https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4317

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4426>

diff --git a/subprojects/gst-plugins-good/sys/v4l2/gstv4l2object.c b/subprojects/gst-plugins-good/sys/v4l2/gstv4l2object.c
index 83466a8..ee5edc6 100644 (file)
--- a/subprojects/gst-plugins-good/sys/v4l2/gstv4l2object.c
+++ b/subprojects/gst-plugins-good/sys/v4l2/gstv4l2object.c
@@ -550,6 +550,19 @@ gst_v4l2_object_new (GstElement * element,
   return v4l2object;
 }
 
+
+static gboolean
+gst_v4l2_object_clear_format_list (GstV4l2Object * v4l2object)
+{
+  g_slist_foreach (v4l2object->formats, (GFunc) g_free, NULL);
+  g_slist_free (v4l2object->formats);
+  v4l2object->formats = NULL;
+  v4l2object->fmtdesc = NULL;
+
+  return TRUE;
+}
+
+
 void
 gst_v4l2_object_destroy (GstV4l2Object * v4l2object)
 {
@@ -575,16 +588,6 @@ gst_v4l2_object_destroy (GstV4l2Object * v4l2object)
 }
 
 
-gboolean
-gst_v4l2_object_clear_format_list (GstV4l2Object * v4l2object)
-{
-  g_slist_foreach (v4l2object->formats, (GFunc) g_free, NULL);
-  g_slist_free (v4l2object->formats);
-  v4l2object->formats = NULL;
-
-  return TRUE;
-}
-
 static gint
 gst_v4l2_object_prop_to_cid (guint prop_id)
 {
@@ -4664,9 +4667,20 @@ gst_v4l2_object_probe_caps (GstV4l2Object * v4l2object, GstCaps * filter)
   GstCaps *ret;
   GSList *walk;
   GSList *formats;
+  guint32 fourcc = 0;
+
+  if (v4l2object->fmtdesc)
+    fourcc = GST_V4L2_PIXELFORMAT (v4l2object);
 
+  gst_v4l2_object_clear_format_list (v4l2object);
   formats = gst_v4l2_object_get_format_list (v4l2object);
 
+  /* Recover the fmtdesc, it may no longer exist, in which case it will be set
+   * to null */
+  if (fourcc)
+    v4l2object->fmtdesc =
+        gst_v4l2_object_get_format_from_fourcc (v4l2object, fourcc);
+
   ret = gst_caps_new_empty ();
 
   if (v4l2object->keep_aspect && !v4l2object->par) {

diff --git a/subprojects/gst-plugins-good/sys/v4l2/gstv4l2object.h b/subprojects/gst-plugins-good/sys/v4l2/gstv4l2object.h
index 3a5c961..229d15e 100644 (file)
--- a/subprojects/gst-plugins-good/sys/v4l2/gstv4l2object.h
+++ b/subprojects/gst-plugins-good/sys/v4l2/gstv4l2object.h
@@ -277,7 +277,6 @@ gboolean     gst_v4l2_object_get_property_helper       (GstV4l2Object *v4l2objec
 gboolean     gst_v4l2_object_open            (GstV4l2Object * v4l2object, GstV4l2Error * error);
 gboolean     gst_v4l2_object_open_shared     (GstV4l2Object * v4l2object, GstV4l2Object * other);
 gboolean     gst_v4l2_object_close           (GstV4l2Object * v4l2object);
-gboolean     gst_v4l2_object_clear_format_list (GstV4l2Object * v4l2object);
 
 /* probing */