From 2e3bc60422725b77209a6b6bd04ad504e2950767 Mon Sep 17 00:00:00 2001
From: Nicolas Dufresne
Date: Thu, 15 Oct 2020 11:35:04 -0400
Subject: [PATCH] v4l2codecs: decoder: Properly remove pending requests
Pass the pointer instead of NULL in order to find and remove properly any pending request from the queue. This coding error was leading to use after free in error and early exit cases.
Part-of:
---
 sys/v4l2codecs/gstv4l2decoder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/v4l2codecs/gstv4l2decoder.c b/sys/v4l2codecs/gstv4l2decoder.c
index fad7d74..8c2e938 100644
--- a/sys/v4l2codecs/gstv4l2decoder.c
+++ b/sys/v4l2codecs/gstv4l2decoder.c
@@ -854,7 +854,7 @@ gst_v4l2_request_free (GstV4l2Request * request)
 GST_DEBUG_OBJECT (decoder, "Freeing pending request %p.", request);
- idx = gst_queue_array_find (decoder->pending_requests, NULL, NULL);
+ idx = gst_queue_array_find (decoder->pending_requests, NULL, request);
 if (idx >= 0)
 gst_queue_array_drop_element (decoder->pending_requests, idx);
--
2.7.4
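Review bot: The `if (idx >= 0)` guard right after the corrected lookup only works if `idx` is a signed type, because `gst_queue_array_find()` returns a `guint` and signals "not found" as -1. The declaration of `idx` is outside this hunk (gst_v4l2_request_free starts above it and continues below), so please confirm it is `gint`; with an unsigned `idx` the test is always true and the drop would run with an invalid index. The not-found case is also silent, although a request flagged pending but missing from `pending_requests` means the bookkeeping has diverged, which is how the earlier use after free went unnoticed. An `else GST_WARNING_OBJECT (decoder, "Pending request %p not found in queue.", request);` would surface it. A short comment on the call, such as `/* NULL compare func: match the request by pointer identity */`, would help keep the third argument from being dropped again.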