In 'iwl_parse_tlv_firmware()', check for 'kmemdup()' return value when handling IWL_UCODE_TLV_CURRENT_PC and set the number of parsed entries only if an allocation was successful (just like it does with handling IWL_UCODE_TLV_CMD_VERSIONS above). Compile tested only. Signed-off-by: Dmitry Antipov <dmantipov@xxxxxxxxx> --- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c index fb5e254757e7..6cba18547549 100644 --- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c +++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c @@ -1303,10 +1303,12 @@ static int iwl_parse_tlv_firmware(struct iwl_drv *drv, case IWL_UCODE_TLV_CURRENT_PC: if (tlv_len < sizeof(struct iwl_pc_data)) goto invalid_tlv_len; - drv->trans->dbg.num_pc = - tlv_len / sizeof(struct iwl_pc_data); drv->trans->dbg.pc_data = kmemdup(tlv_data, tlv_len, GFP_KERNEL); + if (!drv->trans->dbg.pc_data) + return -ENOMEM; + drv->trans->dbg.num_pc = + tlv_len / sizeof(struct iwl_pc_data); break; default: IWL_DEBUG_INFO(drv, "unknown TLV: %d\n", tlv_type); -- 2.41.0
