From df26b8723a7237588634c0ac0e7de82f2ead6c5d Mon Sep 17 00:00:00 2001
From: Anna Kiri <bredcorn@gmail.com>
Date: Tue, 26 May 2026 19:25:14 +0200
Subject: [PATCH] mtd: jffs2: add missing malloc NULL check

In mtd_replace_jffs2(), the return value of malloc(erasesize) is never
checked. If the allocation fails, buf remains NULL and the subsequent
memcpy(buf + ofs, ...) in add_data() will dereference NULL, causing a
segfault.

Add a NULL check and return -1 on allocation failure. Match the
diagnostic message used by the sibling mtd_write_jffs2() so the
out-of-memory cause is visible at the call site.

Signed-off-by: Anna Kiri <bredcorn@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/23553
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
---
 package/system/mtd/src/jffs2.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/system/mtd/src/jffs2.c b/package/system/mtd/src/jffs2.c
index cdf9cc1ccd5..c7880443934 100644
--- a/package/system/mtd/src/jffs2.c
+++ b/package/system/mtd/src/jffs2.c
@@ -242,6 +242,10 @@ int mtd_replace_jffs2(const char *mtd, int fd, int ofs, const char *filename)
 	mtdofs = ofs;
 
 	buf = malloc(erasesize);
+	if (!buf) {
+		fprintf(stderr, "Out of memory!\n");
+		return -1;
+	}
 	target_ino = 1;
 	if (!last_ino)
 		last_ino = 1;
-- 
2.47.3