From fa6f34d595f93a020826e3d77164551818e1b5fd Mon Sep 17 00:00:00 2001
From: Hou Qi
Date: Thu, 3 Mar 2022 13:47:05 +0800
Subject: [PATCH] v4l2bufferpool: Fix race condition between qbuf and pool streamoff
There is a chance that pool->buffers[index] sets BUFFER_STATE_QUEUED, but it has not been queued yet which makes pool->buffers[index] still NULL. At this time, if pool_streamff release all buffers with BUFFER_STATE_QUEUED state regardless of whether the buffer is NULL or not, it will cause segfault. To fix this, also check buffer when streamoff release buffer.
Part-of:
---
 subprojects/gst-plugins-good/sys/v4l2/gstv4l2bufferpool.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/subprojects/gst-plugins-good/sys/v4l2/gstv4l2bufferpool.c b/subprojects/gst-plugins-good/sys/v4l2/gstv4l2bufferpool.c
index d68732646d..18fb61b976 100644
--- a/subprojects/gst-plugins-good/sys/v4l2/gstv4l2bufferpool.c
+++ b/subprojects/gst-plugins-good/sys/v4l2/gstv4l2bufferpool.c
@@ -744,7 +744,7 @@ gst_v4l2_buffer_pool_streamoff (GstV4l2BufferPool * pool)
 for (i = 0; i < VIDEO_MAX_FRAME; i++) {
 gint old_buffer_state = g_atomic_int_and (&pool->buffer_state[i], ~BUFFER_STATE_QUEUED);
- if (old_buffer_state & BUFFER_STATE_QUEUED) {
+ if ((old_buffer_state & BUFFER_STATE_QUEUED) && pool->buffers[i]) {
 GstBuffer *buffer = pool->buffers[i];
 GstBufferPool *bpool = GST_BUFFER_POOL (pool);
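Review bot: The added `pool->buffers[i]` test in the `if` avoids the NULL dereference but does not close the race described in the commit message, and it reads the slot twice (once in the condition, again in `GstBuffer *buffer = pool->buffers[i];`) with no synchronisation visible in this hunk. The `g_atomic_int_and` above has already cleared `BUFFER_STATE_QUEUED` by the time the pointer is tested, so when the slot is still NULL the flag is dropped; if the qbuf path then stores the buffer (that code is outside this hunk, so this is inferred from the description), the entry is left without its QUEUED bit and a later streamoff would presumably skip it. At minimum, load the pointer once and test the local: `GstBuffer *buffer = pool->buffers[i];` before the `if`, then `if ((old_buffer_state & BUFFER_STATE_QUEUED) && buffer) {`. A short comment saying why the slot can be NULL while the flag is set would also help, and it is worth checking whether qbuf can publish the pointer before it sets the flag so the window disappears. The loop body continues past the end of the hunk.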