From: Zhongqiu Han <quic_zhonhan@quicinc.com>
Date: Sat, 5 Jul 2025 10:52:46 +0000 (+0800)
Subject: Bluetooth: btusb: Fix potential NULL dereference on kmalloc failure
X-Git-Tag: v6.16.1~370
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5029d80bfc30b60ff57c70ccb04e027acb404f6a;p=thirdparty%2Fkernel%2Fstable.git

Bluetooth: btusb: Fix potential NULL dereference on kmalloc failure

[ Upstream commit b505902c66a282dcb01bcdc015aa1fdfaaa075db ]

Avoid potential NULL pointer dereference by checking the return value of
kmalloc and handling allocation failure properly.

Fixes: 7d70989fcea7 ("Bluetooth: btusb: Add HCI Drv commands for configuring altsetting")
Signed-off-by: Zhongqiu Han <quic_zhonhan@quicinc.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index f9eeec0aed57d..db27d28e8a7ee 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -3802,6 +3802,8 @@ static int btusb_hci_drv_supported_altsettings(struct hci_dev *hdev, void *data,
 
 	/* There are at most 7 alt (0 - 6) */
 	rp = kmalloc(sizeof(*rp) + 7, GFP_KERNEL);
+	if (!rp)
+		return -ENOMEM;
 
 	rp->num = 0;
 	if (!drvdata->isoc)