[media] media: mem2mem: eliminate possible NULL pointer dereference

This patch removes the possible NULL pointer dereference in mem2mem
code.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
CC: Pawel Osciak <pawel@osciak.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

diff --git a/drivers/media/video/v4l2-mem2mem.c b/drivers/media/video/v4l2-mem2mem.c
index 3b15bf5..975d0fa 100644 (file)
--- a/drivers/media/video/v4l2-mem2mem.c
+++ b/drivers/media/video/v4l2-mem2mem.c
@@ -97,11 +97,12 @@ void *v4l2_m2m_next_buf(struct v4l2_m2m_queue_ctx *q_ctx)
 
        spin_lock_irqsave(&q_ctx->rdy_spinlock, flags);
 
-       if (list_empty(&q_ctx->rdy_queue))
-               goto end;
+       if (list_empty(&q_ctx->rdy_queue)) {
+               spin_unlock_irqrestore(&q_ctx->rdy_spinlock, flags);
+               return NULL;
+       }
 
        b = list_entry(q_ctx->rdy_queue.next, struct v4l2_m2m_buffer, list);
-end:
        spin_unlock_irqrestore(&q_ctx->rdy_spinlock, flags);
        return &b->vb;
 }
@@ -117,12 +118,13 @@ void *v4l2_m2m_buf_remove(struct v4l2_m2m_queue_ctx *q_ctx)
        unsigned long flags;
 
        spin_lock_irqsave(&q_ctx->rdy_spinlock, flags);
-       if (!list_empty(&q_ctx->rdy_queue)) {
-               b = list_entry(q_ctx->rdy_queue.next, struct v4l2_m2m_buffer,
-                               list);
-               list_del(&b->list);
-               q_ctx->num_rdy--;
+       if (list_empty(&q_ctx->rdy_queue)) {
+               spin_unlock_irqrestore(&q_ctx->rdy_spinlock, flags);
+               return NULL;
        }
+       b = list_entry(q_ctx->rdy_queue.next, struct v4l2_m2m_buffer, list);
+       list_del(&b->list);
+       q_ctx->num_rdy--;
        spin_unlock_irqrestore(&q_ctx->rdy_spinlock, flags);
 
        return &b->vb;