[PATCH] media: v4l2: check null return of kmalloc in format_ref_list_p and format_ref_list_b
From: Kang Chen
Date: Sun Feb 26 2023 - 01:50:22 EST
kmalloc may fails, *out_str might be null and will cause
illegal address access later.
Signed-off-by: Kang Chen <void0red@xxxxxxxxx>
---
drivers/media/v4l2-core/v4l2-h264.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/media/v4l2-core/v4l2-h264.c b/drivers/media/v4l2-core/v4l2-h264.c
index 72bd64f65..c7a088882 100644
--- a/drivers/media/v4l2-core/v4l2-h264.c
+++ b/drivers/media/v4l2-core/v4l2-h264.c
@@ -306,6 +306,9 @@ static const char *format_ref_list_p(const struct v4l2_h264_reflist_builder *bui
*out_str = kmalloc(tmp_str_size, GFP_KERNEL);
+ if (!*out_str)
+ return "NOMEM";
+
n += snprintf(*out_str + n, tmp_str_size - n, "|");
for (i = 0; i < builder->num_valid; i++) {
@@ -344,6 +347,9 @@ static const char *format_ref_list_b(const struct v4l2_h264_reflist_builder *bui
*out_str = kmalloc(tmp_str_size, GFP_KERNEL);
+ if (!*out_str)
+ return "NOMEM";
+
n += snprintf(*out_str + n, tmp_str_size - n, "|");
for (i = 0; i < builder->num_valid; i++) {
--
2.34.1