[media] media: mem2mem: eliminate possible NULL pointer dereference

This patch removes the possible NULL pointer dereference in mem2mem
code.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
CC: Pawel Osciak <pawel@osciak.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

1 files changed, 10 insertions, 8 deletions

diff --git a/drivers/media/video/v4l2-mem2mem.c b/drivers/media/video/v4l2-mem2mem.c
index 3b15bf5892a8..975d0fa938c6 100644
--- a/drivers/media/video/v4l2-mem2mem.c
+++ b/drivers/media/video/v4l2-mem2mem.c
@@ -97,11 +97,12 @@ void *v4l2_m2m_next_buf(struct v4l2_m2m_queue_ctx *q_ctx)
 
         spin_lock_irqsave(&q_ctx->rdy_spinlock, flags);
 
-        if (list_empty(&q_ctx->rdy_queue))
-                goto end;
+        if (list_empty(&q_ctx->rdy_queue)) {
+                spin_unlock_irqrestore(&q_ctx->rdy_spinlock, flags);
+                return NULL;
+        }
 
         b = list_entry(q_ctx->rdy_queue.next, struct v4l2_m2m_buffer, list);
-end:
         spin_unlock_irqrestore(&q_ctx->rdy_spinlock, flags);
         return &b->vb;
 }
@@ -117,12 +118,13 @@ void *v4l2_m2m_buf_remove(struct v4l2_m2m_queue_ctx *q_ctx)
         unsigned long flags;
 
         spin_lock_irqsave(&q_ctx->rdy_spinlock, flags);
-        if (!list_empty(&q_ctx->rdy_queue)) {
-                b = list_entry(q_ctx->rdy_queue.next, struct v4l2_m2m_buffer,
-                                list);
-                list_del(&b->list);
-                q_ctx->num_rdy--;
+        if (list_empty(&q_ctx->rdy_queue)) {
+                spin_unlock_irqrestore(&q_ctx->rdy_spinlock, flags);
+                return NULL;
         }
+        b = list_entry(q_ctx->rdy_queue.next, struct v4l2_m2m_buffer, list);
+        list_del(&b->list);
+        q_ctx->num_rdy--;
         spin_unlock_irqrestore(&q_ctx->rdy_spinlock, flags);
 
         return &b->vb;