| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230226065011.2688452-1-void0red@gmail.com>
Date: Sun, 26 Feb 2023 14:50:11 +0800
From: Kang Chen <void0red@...il.com>
To: mchehab@...nel.org
Cc: linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
Kang Chen <void0red@...il.com>
Subject: [PATCH] media: v4l2: check null return of kmalloc in format_ref_list_p and format_ref_list_b
kmalloc may fails, *out_str might be null and will cause
illegal address access later.
Signed-off-by: Kang Chen <void0red@...il.com>
---
drivers/media/v4l2-core/v4l2-h264.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/media/v4l2-core/v4l2-h264.c b/drivers/media/v4l2-core/v4l2-h264.c
index 72bd64f65..c7a088882 100644
--- a/drivers/media/v4l2-core/v4l2-h264.c
+++ b/drivers/media/v4l2-core/v4l2-h264.c
@@ -306,6 +306,9 @@ static const char *format_ref_list_p(const struct v4l2_h264_reflist_builder *bui
*out_str = kmalloc(tmp_str_size, GFP_KERNEL);
+ if (!*out_str)
+ return "NOMEM";
+
n += snprintf(*out_str + n, tmp_str_size - n, "|");
for (i = 0; i < builder->num_valid; i++) {
@@ -344,6 +347,9 @@ static const char *format_ref_list_b(const struct v4l2_h264_reflist_builder *bui
*out_str = kmalloc(tmp_str_size, GFP_KERNEL);
+ if (!*out_str)
+ return "NOMEM";
+
n += snprintf(*out_str + n, tmp_str_size - n, "|");
for (i = 0; i < builder->num_valid; i++) {
--
2.34.1
Powered by blists - more mailing lists