mtd: jffs2: add missing malloc NULL check

In mtd_replace_jffs2(), the return value of malloc(erasesize) is never
checked. If the allocation fails, buf remains NULL and the subsequent
memcpy(buf + ofs, ...) in add_data() will dereference NULL, causing a
segfault.

Add a NULL check and return -1 on allocation failure. Match the
diagnostic message used by the sibling mtd_write_jffs2() so the
out-of-memory cause is visible at the call site.

Signed-off-by: Anna Kiri <bredcorn@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/23553
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>

diff --git a/package/system/mtd/src/jffs2.c b/package/system/mtd/src/jffs2.c
index cdf9cc1ccd51e43ac32c39d4ee3c8bb1221273b9..c78804439342c98c7152df542bdfb409ceb3f051 100644 (file)
--- a/package/system/mtd/src/jffs2.c
+++ b/package/system/mtd/src/jffs2.c
@@ -242,6 +242,10 @@ int mtd_replace_jffs2(const char *mtd, int fd, int ofs, const char *filename)
        mtdofs = ofs;
 
        buf = malloc(erasesize);
+       if (!buf) {
+               fprintf(stderr, "Out of memory!\n");
+               return -1;
+       }
        target_ino = 1;
        if (!last_ino)
                last_ino = 1;