Use array_size to protect against multiplication overflows.
The changes were done using the following Coccinelle semantic patch:
// <smpl>
@@
expression E1, E2;
constant C1, C2;
identifier alloc = {vmalloc,vzalloc};
@@
(
alloc(C1 * C2,...)
|
alloc(
- (E1) * (E2)
+ array_size(E1, E2)
,...)
)
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@xxxxxxxx>
---
drivers/net/ethernet/amd/pds_core/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/amd/pds_core/core.c b/drivers/net/ethernet/amd/pds_core/core.c
index 483a070d96fa..d87f45a1ee2f 100644
--- a/drivers/net/ethernet/amd/pds_core/core.c
+++ b/drivers/net/ethernet/amd/pds_core/core.c
@@ -196,7 +196,7 @@ int pdsc_qcq_alloc(struct pdsc *pdsc, unsigned int type, unsigned int index,
dma_addr_t q_base_pa;
int err;
- qcq->q.info = vzalloc(num_descs * sizeof(*qcq->q.info));
+ qcq->q.info = vzalloc(array_size(num_descs, sizeof(*qcq->q.info)));
if (!qcq->q.info) {
err = -ENOMEM;
goto err_out;
@@ -219,7 +219,7 @@ int pdsc_qcq_alloc(struct pdsc *pdsc, unsigned int type, unsigned int index,
if (err)
goto err_out_free_q_info;
- qcq->cq.info = vzalloc(num_descs * sizeof(*qcq->cq.info));
+ qcq->cq.info = vzalloc(array_size(num_descs, sizeof(*qcq->cq.info)));
if (!qcq->cq.info) {
err = -ENOMEM;
goto err_out_free_irq;
