diff mbox series

[V2] wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg()

Message ID 516a91f3997534f708af43c7592cbafdd53dd599.1730253508.git.xiaopei01@kylinos.cn (mailing list archive)
State New
Delegated to: Ping-Ke Shih
Headers show
Series [V2] wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() | expand

Commit Message

Pei Xiao Oct. 30, 2024, 3:20 a.m. UTC 
kmalloc may fail, return value might be NULL and will cause
NULL pointer dereference. Add check NULL return of kmalloc in
btc_fw_set_monreg().

Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>
Fixes: b952cb0a6e2d ("wifi: rtw89: coex: Add register monitor report v7 format")
---
 drivers/net/wireless/realtek/rtw89/coex.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Kalle Valo Oct. 30, 2024, 10:37 a.m. UTC | #1 
Pei Xiao <xiaopei01@kylinos.cn> writes:

> kmalloc may fail, return value might be NULL and will cause
> NULL pointer dereference. Add check NULL return of kmalloc in
> btc_fw_set_monreg().
>
> Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>
> Fixes: b952cb0a6e2d ("wifi: rtw89: coex: Add register monitor report v7 format")

When you submit v2 please include a list of changes from v1. No need to
resend because of this but please read the documentation below.
diff mbox series

Patch

diff --git a/drivers/net/wireless/realtek/rtw89/coex.c b/drivers/net/wireless/realtek/rtw89/coex.c
index b60c8bd4537b..092f882147cd 100644
--- a/drivers/net/wireless/realtek/rtw89/coex.c
+++ b/drivers/net/wireless/realtek/rtw89/coex.c
@@ -2507,6 +2507,8 @@  static void btc_fw_set_monreg(struct rtw89_dev *rtwdev)
 	if (ver->fcxmreg == 7) {
 		sz = struct_size(v7, regs, n);
 		v7 = kmalloc(sz, GFP_KERNEL);
+		if (!v7)
+			return;
 		v7->type = RPT_EN_MREG;
 		v7->fver = ver->fcxmreg;
 		v7->len = n;
@@ -2521,6 +2523,8 @@  static void btc_fw_set_monreg(struct rtw89_dev *rtwdev)
 	} else {
 		sz = struct_size(v1, regs, n);
 		v1 = kmalloc(sz, GFP_KERNEL);
+		if (!v1)
+			return;
 		v1->fver = ver->fcxmreg;
 		v1->reg_num = n;
 		memcpy(v1->regs, chip->mon_reg, flex_array_size(v1, regs, n));