snd_ctl_new1() can return NULL when memory allocation fails.
snd_cmipci_spdif_controls() does not check the return value before
dereferencing kctl->id.device, which can lead to a NULL pointer
dereference.
Add NULL checks after snd_ctl_new1() calls and return -ENOMEM if any
fails.
Assisted-by: Opencode:DeepSeek-V4-Flash
Cc: stable@vger.kernel.org
Fixes: f2f312ad88c6 ("ALSA: cmipci: Fix kctl->id initialization")
Signed-off-by: Zhao Dongdong <zhaodongdong@kylinos.cn>
Link: https://patch.msgid.link/tencent_964433DCD132125D5EDA79EE068A2D6EFA09@qq.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
}
if (cm->can_ac3_hw) {
kctl = snd_ctl_new1(&snd_cmipci_spdif_default, cm);
+ if (!kctl)
+ return -ENOMEM;
kctl->id.device = pcm_spdif_device;
err = snd_ctl_add(card, kctl);
if (err < 0)
return err;
kctl = snd_ctl_new1(&snd_cmipci_spdif_mask, cm);
+ if (!kctl)
+ return -ENOMEM;
kctl->id.device = pcm_spdif_device;
err = snd_ctl_add(card, kctl);
if (err < 0)
return err;
kctl = snd_ctl_new1(&snd_cmipci_spdif_stream, cm);
+ if (!kctl)
+ return -ENOMEM;
kctl->id.device = pcm_spdif_device;
err = snd_ctl_add(card, kctl);
if (err < 0)
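Review bot: The same sequence (snd_ctl_new1(), NULL check, `kctl->id.device = pcm_spdif_device`, snd_ctl_add()) now appears three times inside the `if (cm->can_ac3_hw)` block, so the NULL check this fix depends on has to be remembered by hand for every control added later. Since the commit is tagged for stable, the minimal form is reasonable here, but a follow-up could iterate over a table of the three templates so the check lives in one place, as sketched below (assuming the templates are `const struct snd_kcontrol_new` objects, which the hunk does not show). The enclosing function begins and ends outside the hunk, so any other snd_ctl_new1() result in it that is dereferenced before snd_ctl_add() should get the same check.

```c
if (cm->can_ac3_hw) {
	static const struct snd_kcontrol_new *const spdif_ctls[] = {
		&snd_cmipci_spdif_default,
		&snd_cmipci_spdif_mask,
		&snd_cmipci_spdif_stream,
	};
	unsigned int i;

	for (i = 0; i < ARRAY_SIZE(spdif_ctls); i++) {
		kctl = snd_ctl_new1(spdif_ctls[i], cm);
		if (!kctl)
			return -ENOMEM;
		/* id.device is written before snd_ctl_add(), so kctl must be non-NULL here */
		kctl->id.device = pcm_spdif_device;
		err = snd_ctl_add(card, kctl);
		if (err < 0)
			return err;
	}
	/* … unchanged: rest of the can_ac3_hw block … */
```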