[PATCH v2] staging: rtl8723bs: core: avoid NULL pointer dereference in c2h_wk_callback

Next message: Arnaldo Carvalho de Melo: "[PATCH 08/11] perf bpf: Use scnprintf() in snprintf_hex() and synthesize_bpf_prog_name()"
Previous message: Kamal Dasu: "Re: [PATCH v5 0/4] mmc: Add pstore backend for crash dump storage on eMMC"
Next in thread: Andy Shevchenko: "Re: [PATCH v2] staging: rtl8723bs: core: avoid NULL pointer dereference in c2h_wk_callback"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Nikoloz Bakuradze

Date: Wed Jun 10 2026 - 13:04:43 EST

kmalloc(16, GFP_ATOMIC) in c2h_wk_callback() could in theory return2
NULL, which would then be dereferenced in rtw_hal_c2h_valid().

A 16-byte allocation effectively cannot fail in practice, but add an
else continue; to the guard so the failure path exits the iteration
cleanly to make the code more robust.

Signed-off-by: Nikoloz Bakuradze <nbakuradze28@xxxxxxxxx>
---
Changes in v2:
- Dropped Fixes:/Cc:stable per Andy's review (kmalloc(16) effectively
cannot fail in practice).
- Switched to Andy's else continue; form inside the existing
if (c2h_evt) block.

drivers/staging/rtl8723bs/core/rtw_cmd.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/staging/rtl8723bs/core/rtw_cmd.c b/drivers/staging/rtl8723bs/core/rtw_cmd.c
index c1185c25ed369..8d06b9d0e9bbc 100644
--- a/drivers/staging/rtl8723bs/core/rtw_cmd.c
+++ b/drivers/staging/rtl8723bs/core/rtw_cmd.c
@@ -1708,6 +1708,8 @@ static void c2h_wk_callback(struct work_struct *work)
kfree(c2h_evt);
continue;
}
+ } else {
+ continue;
}
}

--
2.54.0