vkr: fix two more cases of NULL dereferences

These are marked noautovalidity="true" in vk.xml and the decoder does
not validate them.  There are more incidents, but for the others, we
will let VVL do its job.  Reported by Yiwei.

Signed-off-by: Chia-I Wu <olvaffe@gmail.com>
Reviewed-by: Yiwei Zhang <zzyiwei@chromium.org>
Reviewed-by: Ryan Neph <ryanneph@google.com>

src/venus/vkr_command_buffer.c

@@ -77,6 +77,12 @@ vkr_dispatch_vkFreeCommandBuffers(struct vn_dispatch_context *dispatch,
    struct vkr_context *ctx = dispatch->data;
    struct list_head free_list;
 
+   /* args->pCommandBuffers is marked noautovalidity="true" */
+   if (args->commandBufferCount && !args->pCommandBuffers) {
+      vkr_cs_decoder_set_fatal(&ctx->decoder);
+      return;
+   }
+
    vkr_command_buffer_destroy_driver_handles(ctx, args, &free_list);
    vkr_context_remove_objects(ctx, &free_list);
 }

src/venus/vkr_descriptor_set.c

@@ -108,6 +108,12 @@ vkr_dispatch_vkFreeDescriptorSets(struct vn_dispatch_context *dispatch,
    struct vkr_context *ctx = dispatch->data;
    struct list_head free_list;
 
+   /* args->pDescriptorSets is marked noautovalidity="true" */
+   if (args->descriptorSetCount && !args->pDescriptorSets) {
+      vkr_cs_decoder_set_fatal(&ctx->decoder);
+      return;
+   }
+
    vkr_descriptor_set_destroy_driver_handles(ctx, args, &free_list);
    vkr_context_remove_objects(ctx, &free_list);