From f0ee607b102b0fbc0eb7ed942f528452f831f95c Mon Sep 17 00:00:00 2001
From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Date: Thu, 15 Oct 2020 11:35:04 -0400
Subject: v4l2codecs: decoder: Properly remove pending requests

Pass the pointer instead of NULL in order to find and remove properly any
pending request from the queue. This coding error was leading to use after
free in error and early exit cases.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1701>
---
 sys/v4l2codecs/gstv4l2decoder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/v4l2codecs/gstv4l2decoder.c b/sys/v4l2codecs/gstv4l2decoder.c
index fad7d7485..8c2e93874 100644
--- a/sys/v4l2codecs/gstv4l2decoder.c
+++ b/sys/v4l2codecs/gstv4l2decoder.c
@@ -854,7 +854,7 @@ gst_v4l2_request_free (GstV4l2Request * request)
 
     GST_DEBUG_OBJECT (decoder, "Freeing pending request %p.", request);
 
-    idx = gst_queue_array_find (decoder->pending_requests, NULL, NULL);
+    idx = gst_queue_array_find (decoder->pending_requests, NULL, request);
     if (idx >= 0)
       gst_queue_array_drop_element (decoder->pending_requests, idx);
 
-- 
cgit v1.2.1