mt76: fix memcpy to potential null pointer on failed allocation

Currently if the allocation of skb fails and returns NULL then the call to skb_put will cause a null pointer dereference. Fix this by checking for a null skb and returning NULL. Note that calls to function mt76x2_mcu_msg_alloc don't directly check the null return but instead pass the NULL pointer to mt76x2_mcu_msg_send which checks for the NULL and returns ENOMEM in this case. Detected by CoverityScan, CID#1462624 ("Dereference null return value") Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e") Signed-off-by: Colin Ian King <colin.king@canonical.com>
openwrt · Dec 14, 2017 · cf4a5ce · cf4a5ce
1 parent e504656
commit cf4a5ce
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/mt76x2_mcu.c b/mt76x2_mcu.c
@@ -45,6 +45,8 @@ static struct sk_buff *mt76x2_mcu_msg_alloc(const void *data, int len)
 	struct sk_buff *skb;
 
 	skb = alloc_skb(len, GFP_KERNEL);
+	if (!skb)
+		return NULL;
 	memcpy(skb_put(skb, len), data, len);
 
 	return skb;