kmalloc may fails, *out_str might be null and will cause
illegal address access later.
Signed-off-by: Kang Chen <[email protected]>
---
drivers/media/v4l2-core/v4l2-h264.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/media/v4l2-core/v4l2-h264.c b/drivers/media/v4l2-core/v4l2-h264.c
index 72bd64f65..c7a088882 100644
--- a/drivers/media/v4l2-core/v4l2-h264.c
+++ b/drivers/media/v4l2-core/v4l2-h264.c
@@ -306,6 +306,9 @@ static const char *format_ref_list_p(const struct v4l2_h264_reflist_builder *bui
*out_str = kmalloc(tmp_str_size, GFP_KERNEL);
+ if (!*out_str)
+ return "NOMEM";
+
n += snprintf(*out_str + n, tmp_str_size - n, "|");
for (i = 0; i < builder->num_valid; i++) {
@@ -344,6 +347,9 @@ static const char *format_ref_list_b(const struct v4l2_h264_reflist_builder *bui
*out_str = kmalloc(tmp_str_size, GFP_KERNEL);
+ if (!*out_str)
+ return "NOMEM";
+
n += snprintf(*out_str + n, tmp_str_size - n, "|");
for (i = 0; i < builder->num_valid; i++) {
--
2.34.1
Hi Kang,
On Sun, Feb 26, 2023 at 02:50:11PM +0800, Kang Chen wrote:
> kmalloc may fails, *out_str might be null and will cause
> illegal address access later.
>
> Signed-off-by: Kang Chen <[email protected]>
This seems to have been addressed by commit
be3ae7cf4326e95bb1d5413b63baabc26f4a1324 that's already in upstream.
--
Kind regards,
Sakari Ailus