Use array_size to protect against multiplication overflows.
The changes were done using the following Coccinelle semantic patch:
// <smpl>
@@
expression E1, E2;
constant C1, C2;
identifier alloc = {vmalloc,vzalloc};
@@
(
alloc(C1 * C2,...)
|
alloc(
- (E1) * (E2)
+ array_size(E1, E2)
,...)
)
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@xxxxxxxx>
---
drivers/vdpa/vdpa_user/iova_domain.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/vdpa/vdpa_user/iova_domain.c b/drivers/vdpa/vdpa_user/iova_domain.c
index 5e4a77b9bae6..ee395e013086 100644
--- a/drivers/vdpa/vdpa_user/iova_domain.c
+++ b/drivers/vdpa/vdpa_user/iova_domain.c
@@ -571,8 +571,9 @@ vduse_domain_create(unsigned long iova_limit, size_t bounce_size)
domain->iova_limit = iova_limit;
domain->bounce_size = PAGE_ALIGN(bounce_size);
- domain->bounce_maps = vzalloc(bounce_pfns *
- sizeof(struct vduse_bounce_map));
+ domain->bounce_maps =
+ vzalloc(array_size(bounce_pfns,
+ sizeof(struct vduse_bounce_map)));
if (!domain->bounce_maps)
goto err_map;
