mtd: check malloc() return value in mtd_check()

After malloc(erasesize) in mtd_check(), the result was never checked
for NULL. On allocation failure, the buf pointer remained NULL and
would later be used in image_check() via read(imagefd, buf + buflen,
...), causing a NULL pointer dereference.

Add a NULL check after the allocation and return early. The early
return path also closes the just-opened fd and frees the strdup'd
colon-separated device-list copy to avoid leaks.

Signed-off-by: Anna Kiri <bredcorn@gmail.com>
Link: openwrt/openwrt#23705
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>

Author: air237

package/system/mtd/src/mtd.c

@@ -269,6 +269,11 @@ static int mtd_check(const char *mtd)
 
 		if (!buf)
 			buf = malloc(erasesize);
+		if (!buf) {
+			close(fd);
+			free(str);
+			return 0;
+		}
 
 		close(fd);
 		mtd = next;