From 4409db4a879c7b8012e7fdf2068c00f36ac8bb85 Mon Sep 17 00:00:00 2001
From: ligd
Date: Mon, 27 Nov 2023 21:58:17 +0800
Subject: [PATCH] sem: fix NULL pointer when open CONFIG_PRIORITY_INHERITANCE

set CONFIG_PRIORITY_INHERITANCE=y
set CONFIG_SEM_PREALLOCHOLDERS=0
semaphore/sem_holder.c:320:34: runtime error: member access within null pointer of type 'struct tcb_s'
#0 0xd8b540 in nxsem_boostholderprio semaphore/sem_holder.c:320
#1 0xd8c1cf in nxsem_boost_priority semaphore/sem_holder.c:703
#2 0xda5dfa in nxsem_wait semaphore/sem_wait.c:145
#3 0xda61d9 in nxsem_wait_uninterruptible semaphore/sem_wait.c:248
#4 0x12f2477 in media_service_thread0 /home/ligd/platform/dev/apps/examples/hello/hello_main.c:44
#5 0x1204154 in pthread_startup pthread/pthread_create.c:59
#6 0x1cd906f in pthread_start pthread/pthread_create.c:139
#7 0xe72fcb in pre_start sim/sim_initialstate.c:52
Signed-off-by: ligd
---
 sched/semaphore/sem_holder.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/sched/semaphore/sem_holder.c b/sched/semaphore/sem_holder.c
index b062ef22d6a23..ed2b461661ae6 100644
--- a/sched/semaphore/sem_holder.c
+++ b/sched/semaphore/sem_holder.c
@@ -319,7 +319,7 @@ static int nxsem_boostholderprio(FAR struct semholder_s *pholder,
 * because the thread is already running at a sufficient priority.
 */

- if (rtcb->sched_priority > htcb->sched_priority)
+ if (rtcb && htcb && rtcb->sched_priority > htcb->sched_priority)
 {
 /* Raise the priority of the holder of the semaphore. This
 * cannot cause a context switch because we have preemption
@@ -757,14 +757,13 @@ void nxsem_release_holder(FAR sem_t *sem)
 return;
 }
 }
-
- /* The current task is not a holder */
-
- DEBUGPANIC();
 #else
 pholder = &sem->holder;
- DEBUGASSERT(pholder->htcb == rtcb);
- nxsem_freeholder(sem, pholder);
+ if (pholder->htcb)
+ {
+ DEBUGASSERT(pholder->htcb == rtcb);
+ nxsem_freeholder(sem, pholder);
+ }
 #endif
 }
 }
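Review bot: In nxsem_boostholderprio the new `rtcb && htcb &&` guard turns a NULL holder into a silent no-op: the boost is skipped and nothing in a debug build records that priority inheritance did not happen for this waiter. The hunk does not show where `htcb` is assigned (the function starts and ends outside it), so it cannot be told from here whether NULL is a legitimate state with CONFIG_SEM_PREALLOCHOLDERS=0 or a symptom of stale holder bookkeeping. If it is legitimate, document it above the condition, e.g. `/* htcb is NULL when the semaphore has no recorded holder; there is nothing to boost */`. If it is not, keep the NULL check but put `DEBUGASSERT(htcb != NULL);` in front of it so the inconsistency stays visible instead of degrading into unbounded priority inversion.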
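Review bot: Dropping `DEBUGPANIC()` also changes the branch before `#else`, which the commit message (CONFIG_SEM_PREALLOCHOLDERS=0) does not motivate: a release by a task that is not a recorded holder now falls through with no debug-build signal. If that case is expected, replace the removed comment rather than deleting it, e.g. `/* The current task is not a holder; nothing to release */`. In the `#else` branch, `if (pholder->htcb)` still frees the holder whenever the pointer is non-NULL, and the ownership check is only a `DEBUGASSERT`, which presumably disappears in non-debug builds. If a mismatch is not meant to be tolerated, `if (pholder->htcb == rtcb)` would enforce it in all builds. nxsem_release_holder begins outside the hunk, so how `rtcb` is obtained is not visible here.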