usb: iowarrior: replace kmalloc with kmalloc_array

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

A common flaw in the kernel is integer overflow during memory allocation
size calculations. In an effort to reduce the frequency of these bugs,
kmalloc_array was implemented, which allocates memory for an array,
while at the same time detects integer overflow.

This patch replaces cases of:

kmalloc(a * b, gfp)

with:
kmalloc_array(a, b, gfp)

Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Gustavo A. R. Silva and committed by

Greg Kroah-Hartman 7 years ago 23feefda 87f88dfc

+2 -2

1 changed file

expand all

drivers

usb

misc

iowarrior.c

+2 -2

drivers/usb/misc/iowarrior.c

··· 808 808 dev->int_in_endpoint->bInterval); 809 809 /* create an internal buffer for interrupt data from the device */ 810 810 dev->read_queue = 811 - kmalloc(((dev->report_size + 1) * MAX_INTERRUPT_BUFFER), 812 - GFP_KERNEL); 811 + kmalloc_array(dev->report_size + 1, MAX_INTERRUPT_BUFFER, 812 + GFP_KERNEL); 813 813 if (!dev->read_queue) 814 814 goto error; 815 815 /* Get the serial-number of the chip */