v4l2codecs: decoder: Properly remove pending requests

Pass the pointer instead of NULL in order to find and remove properly any
pending request from the queue. This coding error was leading to use after
free in error and early exit cases.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1696>

diff --git a/sys/v4l2codecs/gstv4l2decoder.c b/sys/v4l2codecs/gstv4l2decoder.c
index fad7d74..8c2e938 100644 (file)
--- a/sys/v4l2codecs/gstv4l2decoder.c
+++ b/sys/v4l2codecs/gstv4l2decoder.c
@@ -854,7 +854,7 @@ gst_v4l2_request_free (GstV4l2Request * request)
 
     GST_DEBUG_OBJECT (decoder, "Freeing pending request %p.", request);
 
-    idx = gst_queue_array_find (decoder->pending_requests, NULL, NULL);
+    idx = gst_queue_array_find (decoder->pending_requests, NULL, request);
     if (idx >= 0)
       gst_queue_array_drop_element (decoder->pending_requests, idx);