The code references the Camera object after it has already been released.
The code attempts to use the Camera object after it has already been released. Any further references to the Camera object without reacquiring the resource will throw an exception, and can cause the application to crash if the exception is not caught.
Example: The following code uses a toggle button to toggle the camera preview on and off. After the user taps the button once, the camera preview stops and the camera resource is released. However, if she taps the button again, startPreview() is called on the previously-released Camera object.
public class ReuseCameraActivity extends Activity {
    private Camera cam;
    ...
    private class CameraButtonListener implements OnClickListener {
        public void onClick(View v) {
            if (toggle) {
                cam.stopPreview();
                cam.release();      // the Camera object is unusable from here on
            }
            else {
                cam.startPreview(); // called on the released Camera object
            }
            toggle = !toggle;
        }
    }
    ...
}
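A corrected form of the toggle, as an added example that is not part of the original page: the reference is cleared on release and the camera is reacquired with Camera.open() before the preview is restarted. The class name SafeCameraActivity, the holder field, and the helper methods acquireCameraAndPreview() and releaseCamera() are assumptions made for illustration.

```java
import android.app.Activity;
import android.hardware.Camera;
import android.util.Log;
import android.view.SurfaceHolder;
import android.view.View;
import android.view.View.OnClickListener;
import java.io.IOException;

public class SafeCameraActivity extends Activity {
    private static final String TAG = "SafeCameraActivity";
    private Camera cam;            // null whenever the camera is not held
    private SurfaceHolder holder;  // assumed: taken from a SurfaceView in onCreate()

    private class CameraButtonListener implements OnClickListener {
        public void onClick(View v) {
            // The held/not-held state is derived from the reference itself,
            // so a separate flag can never disagree with it.
            if (cam != null) {
                releaseCamera();
            } else {
                acquireCameraAndPreview();
            }
        }
    }

    private void acquireCameraAndPreview() {
        try {
            cam = Camera.open();   // throws RuntimeException if the camera is in use
            if (cam == null) {
                return;            // device has no back-facing camera
            }
            cam.setPreviewDisplay(holder);
            cam.startPreview();
        } catch (IOException | RuntimeException e) {
            Log.e(TAG, "Unable to start camera preview", e);
            releaseCamera();       // do not keep a half-initialized camera
        }
    }

    private void releaseCamera() {
        if (cam != null) {
            cam.stopPreview();
            cam.release();
            cam = null;            // drop the stale reference so it cannot be reused
        }
    }

    @Override
    protected void onPause() {
        super.onPause();
        releaseCamera();           // free the camera for other applications
    }
}
```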
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A9 Application Denial of Service
[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP6080 CAT II
[3] Camera, Android Developers
[4] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 416
[5] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.9