[PATCH] media: mtk-vcodec: potential null pointer deference in SCP

From: Fullway Wang
Date: Wed Jan 17 2024 - 21:36:04 EST

Next message: Baolin Wang: "Re: [PATCH] fs: improve dump_mapping() robustness"
Previous message: Hillf Danton: "Re: [syzbot] [net?] KASAN: use-after-free Read in __skb_flow_dissect (3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.

Signed-off-by: Fullway Wang <fullwaywang@xxxxxxxxxxx>
---
.../media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c
index 6bbe55de6ce9..ff23b225db70 100644
--- a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c
+++ b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c
@@ -79,6 +79,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use
}

fw = devm_kzalloc(&plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
fw->ops = &mtk_vcodec_rproc_msg;
fw->scp = scp;
--
2.39.3 (Apple Git-145)

Next message: Baolin Wang: "Re: [PATCH] fs: improve dump_mapping() robustness"
Previous message: Hillf Danton: "Re: [syzbot] [net?] KASAN: use-after-free Read in __skb_flow_dissect (3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]