Use array_size to protect against multiplication overflows. The changes were done using the following Coccinelle semantic patch: // <smpl> @@ expression E1, E2; constant C1, C2; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc(C1 * C2,...) | alloc( - (E1) * (E2) + array_size(E1, E2) ,...) ) // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@xxxxxxxx> --- drivers/gpu/drm/gud/gud_pipe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/gud/gud_pipe.c b/drivers/gpu/drm/gud/gud_pipe.c index dc16a92625d4..34df847bd829 100644 --- a/drivers/gpu/drm/gud/gud_pipe.c +++ b/drivers/gpu/drm/gud/gud_pipe.c @@ -390,7 +390,7 @@ static int gud_fb_queue_damage(struct gud_device *gdrm, struct drm_framebuffer * mutex_lock(&gdrm->damage_lock); if (!gdrm->shadow_buf) { - gdrm->shadow_buf = vzalloc(fb->pitches[0] * fb->height); + gdrm->shadow_buf = vzalloc(array_size(fb->pitches[0], fb->height)); if (!gdrm->shadow_buf) { mutex_unlock(&gdrm->damage_lock); return -ENOMEM;