2023-10-16 12:53:05

by Greenman, Gregory

Subject: Re: [PATCH] wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware()

On Mon, 2023-10-09 at 20:04 +0300, Dmitry Antipov wrote:
> In 'iwl_parse_tlv_firmware()', check for 'kmemdup()' return value
> when handling IWL_UCODE_TLV_CURRENT_PC and set the number of parsed
> entries only if an allocation was successful (just like it does with
> handling IWL_UCODE_TLV_CMD_VERSIONS above). Compile tested only.
>
> Signed-off-by: Dmitry Antipov <[email protected]>
> ---
>  drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
> index fb5e254757e7..6cba18547549 100644
> --- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
> +++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
> @@ -1303,10 +1303,12 @@ static int iwl_parse_tlv_firmware(struct iwl_drv *drv,
>                 case IWL_UCODE_TLV_CURRENT_PC:
>                         if (tlv_len < sizeof(struct iwl_pc_data))
>                                 goto invalid_tlv_len;
> -                       drv->trans->dbg.num_pc =
> -                               tlv_len / sizeof(struct iwl_pc_data);
>                         drv->trans->dbg.pc_data =
>                                 kmemdup(tlv_data, tlv_len, GFP_KERNEL);
> +                       if (!drv->trans->dbg.pc_data)
> +                               return -ENOMEM;
> +                       drv->trans->dbg.num_pc =
> +                               tlv_len / sizeof(struct iwl_pc_data);
>                         break;
>                 default:
>                         IWL_DEBUG_INFO(drv, "unknown TLV: %d\n", tlv_type);
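
Review bot: the length check at the top of the IWL_UCODE_TLV_CURRENT_PC case only rejects tlv_len below sizeof(struct iwl_pc_data), so a length that is not a whole multiple of the struct size still passes: kmemdup() copies all tlv_len bytes while num_pc rounds down, leaving trailing bytes in pc_data that no entry count covers. Consider also sending a nonzero tlv_len % sizeof(struct iwl_pc_data) to invalid_tlv_len, or note that the remainder is intentionally ignored. Separately, dbg.pc_data is assigned without freeing any previous value, so if this TLV can appear more than once in a firmware file the earlier copy would leak; a word on whether that can happen would help.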

Acked-by: Gregory Greenman <[email protected]>