From ed38f8c382cdf45604b126f43508bc41e4da2128 Mon Sep 17 00:00:00 2001 From: "gan.zhang" Date: Tue, 8 Dec 2020 20:11:03 +0800 Subject: [PATCH] decoder: fix a kernel panic [1/1] PD#SWPL-38642 Problem: Cause crash when vf in null Solution: Check for null pointer. Verify: AH212 Change-Id: I41583004e735c40c71e50de6818e6f097a68a6a0 Signed-off-by: gan.zhang --- drivers/frame_provider/decoder/avs2/vavs2.c | 7 ++++++- drivers/frame_provider/decoder/h264_multi/vmh264.c | 4 ++++ drivers/frame_provider/decoder/mjpeg/vmjpeg_multi.c | 4 ++++ drivers/frame_provider/decoder/mpeg4/vmpeg4_multi.c | 3 +++ drivers/frame_provider/decoder/vp9/vvp9.c | 7 ++++++- 5 files changed, 23 insertions(+), 2 deletions(-) diff --git a/drivers/frame_provider/decoder/avs2/vavs2.c b/drivers/frame_provider/decoder/avs2/vavs2.c index 688f3f7..de72664 100644 --- a/drivers/frame_provider/decoder/avs2/vavs2.c +++ b/drivers/frame_provider/decoder/avs2/vavs2.c @@ -4184,11 +4184,16 @@ static struct vframe_s *vavs2_vf_get(void *op_arg) static void vavs2_vf_put(struct vframe_s *vf, void *op_arg) { struct AVS2Decoder_s *dec = (struct AVS2Decoder_s *)op_arg; - uint8_t index = vf->index & 0xff; + uint8_t index; if (vf == (&dec->vframe_dummy)) return; + if (!vf) + return; + + index = vf->index & 0xff; + kfifo_put(&dec->newframe_q, (const struct vframe_s *)vf); dec->vf_put_count++; avs2_print(dec, AVS2_DBG_BUFMGR, diff --git a/drivers/frame_provider/decoder/h264_multi/vmh264.c b/drivers/frame_provider/decoder/h264_multi/vmh264.c index 8366c05..5389405 100644 --- a/drivers/frame_provider/decoder/h264_multi/vmh264.c +++ b/drivers/frame_provider/decoder/h264_multi/vmh264.c @@ -4309,6 +4309,10 @@ static void vh264_vf_put(struct vframe_s *vf, void *op_arg) if (vf == (&hw->vframe_dummy)) return; + + if (!vf) + return; + if (vf->index == -1) { dpb_print(DECODE_ID(hw), 0, "Warning: %s vf %p invalid index\r\n", diff --git a/drivers/frame_provider/decoder/mjpeg/vmjpeg_multi.c b/drivers/frame_provider/decoder/mjpeg/vmjpeg_multi.c index 947a8b5..df3991c 100644 --- a/drivers/frame_provider/decoder/mjpeg/vmjpeg_multi.c +++ b/drivers/frame_provider/decoder/mjpeg/vmjpeg_multi.c @@ -495,6 +495,10 @@ static void vmjpeg_vf_put(struct vframe_s *vf, void *op_arg) { struct vdec_s *vdec = op_arg; struct vdec_mjpeg_hw_s *hw = (struct vdec_mjpeg_hw_s *)vdec->private; + + if (!vf) + return; + mmjpeg_debug_print(DECODE_ID(hw), PRINT_FRAME_NUM, "%s:put_num:%d\n", __func__, hw->put_num); hw->vfbuf_use[vf->index]--; diff --git a/drivers/frame_provider/decoder/mpeg4/vmpeg4_multi.c b/drivers/frame_provider/decoder/mpeg4/vmpeg4_multi.c index 65111c2..acca6bc 100644 --- a/drivers/frame_provider/decoder/mpeg4/vmpeg4_multi.c +++ b/drivers/frame_provider/decoder/mpeg4/vmpeg4_multi.c @@ -1646,6 +1646,9 @@ static void vmpeg_vf_put(struct vframe_s *vf, void *op_arg) struct vdec_s *vdec = op_arg; struct vdec_mpeg4_hw_s *hw = (struct vdec_mpeg4_hw_s *)vdec->private; + if (!vf) + return; + hw->vfbuf_use[vf->index]--; hw->put_num++; mmpeg4_debug_print(DECODE_ID(hw), PRINT_FRAME_NUM, diff --git a/drivers/frame_provider/decoder/vp9/vvp9.c b/drivers/frame_provider/decoder/vp9/vvp9.c index 876dc8b..d9a64c2 100644 --- a/drivers/frame_provider/decoder/vp9/vvp9.c +++ b/drivers/frame_provider/decoder/vp9/vvp9.c @@ -6992,11 +6992,16 @@ static struct vframe_s *vvp9_vf_get(void *op_arg) static void vvp9_vf_put(struct vframe_s *vf, void *op_arg) { struct VP9Decoder_s *pbi = (struct VP9Decoder_s *)op_arg; - uint8_t index = vf->index & 0xff; + uint8_t index; if (vf == (&pbi->vframe_dummy)) return; + if (!vf) + return; + + index = vf->index & 0xff; + if (pbi->enable_fence && vf->fence) { vdec_fence_put(vf->fence); vf->fence = NULL; -- 2.20.1