[PATCH v2] staging: rtl8723bs: core: avoid NULL pointer dereference in c2h_wk_callback

Nikoloz Bakuradze posted 1 patch 2 weeks ago
drivers/staging/rtl8723bs/core/rtw_cmd.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH v2] staging: rtl8723bs: core: avoid NULL pointer dereference in c2h_wk_callback
Posted by Nikoloz Bakuradze 2 weeks ago
kmalloc(16, GFP_ATOMIC) in c2h_wk_callback() could in theory return
NULL, which would then be dereferenced in rtw_hal_c2h_valid().

A 16-byte allocation effectively cannot fail in practice, but add an
else continue; to the guard so the failure path exits the iteration
cleanly to make the code more robust.

Signed-off-by: Nikoloz Bakuradze <nbakuradze28@gmail.com>
---
Changes in v2:
- Dropped Fixes:/Cc:stable per Andy's review (kmalloc(16) effectively
  cannot fail in practice).
- Switched to Andy's else continue; form inside the existing
  if (c2h_evt) block.

 drivers/staging/rtl8723bs/core/rtw_cmd.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/staging/rtl8723bs/core/rtw_cmd.c b/drivers/staging/rtl8723bs/core/rtw_cmd.c
index c1185c25ed369..8d06b9d0e9bbc 100644
--- a/drivers/staging/rtl8723bs/core/rtw_cmd.c
+++ b/drivers/staging/rtl8723bs/core/rtw_cmd.c
@@ -1708,6 +1708,8 @@ static void c2h_wk_callback(struct work_struct *work)
 					kfree(c2h_evt);
 					continue;
 				}
+			} else {
+				continue;
 			}
 		}
 
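Review bot: the added `else { continue; }` branch at the end of the `if (c2h_evt)` guard drops the allocation failure silently, and the hunk's context does not show the loop condition, so it is worth confirming that skipping the iteration here still makes forward progress (the event that triggered this pass is neither read nor freed on this path). A one-line comment on the branch saying that the event is intentionally skipped when kmalloc() returns NULL would document that. As a style point, testing `if (!c2h_evt) continue;` directly after the allocation would handle the error first and remove one nesting level, although the else form is the one requested in the v1 review per the changelog.
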
-- 
2.54.0
Re: [PATCH v2] staging: rtl8723bs: core: avoid NULL pointer dereference in c2h_wk_callback
Posted by Andy Shevchenko 2 weeks ago
On Wed, Jun 10, 2026 at 08:47:54PM +0400, Nikoloz Bakuradze wrote:
> kmalloc(16, GFP_ATOMIC) in c2h_wk_callback() could in theory return
> NULL, which would then be dereferenced in rtw_hal_c2h_valid().
> 
> A 16-byte allocation effectively cannot fail in practice, but add an
> else continue; to the guard so the failure path exits the iteration
> cleanly to make the code more robust.

OK.
Reviewed-by: Andy Shevchenko <andriy.shevchenko@intel.com>

-- 
With Best Regards,
Andy Shevchenko