mm-video: vidc: Flush m_input_free_q when input buffers are freed

Not flushing it can leave dangling pointers to old input buffers,
which get dereferenced if the component is re-used for another
session.
author:  Deva Ramasubramanian <dramasub@codeaurora.org>

bug: 10668205

Change-Id: I8356c7db9714d1c1d420d975aed0a7f50cdedef7

1 files changed, 6 insertions, 0 deletions

diff --git a/mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp b/mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp
index 521a2a44..bb2e6df9 100755
--- a/mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp
+++ b/mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp
@@ -7210,6 +7210,12 @@ void omx_vdec::free_input_buffer_header()
         free (m_inp_mem_ptr);
         m_inp_mem_ptr = NULL;
     }
+    /* We just freed all the buffer headers, every thing in m_input_free_q
+     * is now invalid */
+    while (m_input_free_q.m_size) {
+        unsigned address, p2, id;
+        m_input_free_q.pop_entry(&address, &p2, &id);
+    }
     if (drv_ctx.ptr_inputbuffer) {
         DEBUG_PRINT_LOW("\n Free Driver Context pointer");
         free (drv_ctx.ptr_inputbuffer);