media: mtk-vcodec: potential null pointer deference in SCP

Fullway Wang · gregkh · commit eeb62bb4ca22 · 2025-03-07T16:56:51.000+01:00
commit 53dbe08 upstream. The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113. Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com Signed-off-by: Fullway Wang <fullwaywang@outlook.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org> Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com> Signed-off-by: He Zhe <zhe.he@windriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
@@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
 	}
 
 	fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+	if (!fw)
+		return ERR_PTR(-ENOMEM);
 	fw->type = SCP;
 	fw->ops = &mtk_vcodec_rproc_msg;
 	fw->scp = scp;

Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,8 @@ struct mtk_vcodec_fw mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev dev)`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);`
	`68`	`+ if (!fw)`
	`69`	`+ return ERR_PTR(-ENOMEM);`
`68`	`70`	`fw->type = SCP;`
`69`	`71`	`fw->ops = &mtk_vcodec_rproc_msg;`
`70`	`72`	`fw->scp = scp;`