media: mediatek: vcodec: Fix getting NULL pointer for dst buffer

[ Upstream commit d879f770e4d1d5f0d9b692d3a2702f23ee441dbb ]

The driver may can't get v4l2 buffer when lat or core decode timeout,
will lead to crash when call v4l2_m2m_buf_done to set dst buffer
(NULL pointer) done.

Fixes: 7b182b8d9c85 ("media: mediatek: vcodec: Refactor get and put capture buffer flow")
Signed-off-by: Yunfei Dong <yunfei.dong@mediatek.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dec_stateless.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dec_stateless.c
index c45bd25..e868090 100644 (file)
--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dec_stateless.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dec_stateless.c
@@ -138,10 +138,13 @@ static void mtk_vdec_stateless_cap_to_disp(struct mtk_vcodec_ctx *ctx, int error
                state = VB2_BUF_STATE_DONE;
 
        vb2_dst = v4l2_m2m_dst_buf_remove(ctx->m2m_ctx);
-       v4l2_m2m_buf_done(vb2_dst, state);
-
-       mtk_v4l2_debug(2, "free frame buffer id:%d to done list",
-                      vb2_dst->vb2_buf.index);
+       if (vb2_dst) {
+               v4l2_m2m_buf_done(vb2_dst, state);
+               mtk_v4l2_debug(2, "free frame buffer id:%d to done list",
+                              vb2_dst->vb2_buf.index);
+       } else {
+               mtk_v4l2_err("dst buffer is NULL");
+       }
 
        if (src_buf_req)
                v4l2_ctrl_request_complete(src_buf_req, &ctx->ctrl_hdl);