Hi Julia, Bingbu, On Tue, Jun 27, 2023 at 07:35:47PM +0200, Julia Lawall wrote: > > > On Fri, 23 Jun 2023, Julia Lawall wrote: > > > Use array_size to protect against multiplication overflows. > > > > The changes were done using the following Coccinelle semantic patch: > > > > // <smpl> > > @@ > > expression E1, E2; > > constant C1, C2; > > identifier alloc = {vmalloc,vzalloc}; > > @@ > > > > ( > > alloc(C1 * C2,...) > > | > > alloc( > > - (E1) * (E2) > > + array_size(E1, E2) > > ,...) > > ) > > // </smpl> > > > > Signed-off-by: Julia Lawall <Julia.Lawall@xxxxxxxx> > > > > --- > > drivers/staging/media/ipu3/ipu3-mmu.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/staging/media/ipu3/ipu3-mmu.c b/drivers/staging/media/ipu3/ipu3-mmu.c > > index cb9bf5fb29a5..9c4adb815c94 100644 > > --- a/drivers/staging/media/ipu3/ipu3-mmu.c > > +++ b/drivers/staging/media/ipu3/ipu3-mmu.c > > @@ -464,7 +464,7 @@ struct imgu_mmu_info *imgu_mmu_init(struct device *parent, void __iomem *base) > > * Allocate the array of L2PT CPU pointers, initialized to zero, > > * which means the dummy L2PT allocated above. > > */ > > - mmu->l2pts = vzalloc(IPU3_PT_PTES * sizeof(*mmu->l2pts)); > > + mmu->l2pts = vzalloc(array_size(IPU3_PT_PTES, sizeof(*mmu->l2pts))); > > if (!mmu->l2pts) > > goto fail_l2pt; > > I think that this patch can be dropped. Since it is a multiplcation of > two constants, if there is an overflow, I guess the compiler would detect > it? Indeed. vcalloc() would be perhaps nicer but the original isn't wrong either. -- Kind regards, Sakari Ailus