drivers/bluetooth: btbcm: Use kmalloc_array() to prevent overflow

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Replace the open-coded multiplication in kmalloc() with a call
to kmalloc_array() to prevent potential integer overflows.

This is a mechanical change, replacing BCM_FW_NAME_LEN with
the type-safe sizeof(*fw_name) as the element size

Signed-off-by: Ayaan Mirza Baig <ayaanmirzabaig85@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

authored by

Ayaan Mirza Baig and committed by

Luiz Augusto von Dentz 4 months ago 6f7cf13e bc6f557b

+3 -1

1 changed file

expand all

drivers

bluetooth

btbcm.c

+3 -1

drivers/bluetooth/btbcm.c

··· 642 642 snprintf(postfix, sizeof(postfix), "-%4.4x-%4.4x", vid, pid); 643 643 } 644 644 645 - fw_name = kmalloc(BCM_FW_NAME_COUNT_MAX * BCM_FW_NAME_LEN, GFP_KERNEL); 645 + fw_name = kmalloc_array(BCM_FW_NAME_COUNT_MAX, 646 + sizeof(*fw_name), 647 + GFP_KERNEL); 646 648 if (!fw_name) 647 649 return -ENOMEM; 648 650