RESTRICT AUTOMERGE: Camera: fix use after free in sensor timestamp

The metadata object might be overriden later and has it memory
re-allocated; hence snaping the sensor timestamp value before
we call into any method that might change the metadata.

Test: build
Bug: 150944913
Merged-In: I5b10b680e0cce96ca49e1772770adb4835545472
Change-Id: I5b10b680e0cce96ca49e1772770adb4835545472

1 files changed, 4 insertions, 1 deletions

diff --git a/services/camera/libcameraservice/device3/Camera3Device.cpp b/services/camera/libcameraservice/device3/Camera3Device.cpp
index 28ffc8b3db..fb81b88efb 100644
--- a/services/camera/libcameraservice/device3/Camera3Device.cpp
+++ b/services/camera/libcameraservice/device3/Camera3Device.cpp
@@ -3000,6 +3000,9 @@ void Camera3Device::sendCaptureResult(CameraMetadata &pendingMetadata,
                 frameNumber);
         return;
     }
+
+    nsecs_t sensorTimestamp = timestamp.data.i64[0];
+
     for (auto& physicalMetadata : captureResult.mPhysicalMetadatas) {
         camera_metadata_entry timestamp =
                 physicalMetadata.mPhysicalCameraMetadata.find(ANDROID_SENSOR_TIMESTAMP);
@@ -3019,7 +3022,7 @@ void Camera3Device::sendCaptureResult(CameraMetadata &pendingMetadata,
     }
 
     mTagMonitor.monitorMetadata(TagMonitor::RESULT,
-            frameNumber, timestamp.data.i64[0], captureResult.mMetadata);
+            frameNumber, sensorTimestamp, captureResult.mMetadata);
 
     insertResultLocked(&captureResult, frameNumber);
 }