Make use of the struct_size() helper instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worse scenario, could lead to heap overflows. Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx> --- drivers/usb/atm/usbatm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c index 33ae03ac13a6..da17be1ef64e 100644 --- a/drivers/usb/atm/usbatm.c +++ b/drivers/usb/atm/usbatm.c @@ -1015,9 +1015,11 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id, int error = -ENOMEM; int i, length; unsigned int maxpacket, num_packets; + size_t size; /* instance init */ - instance = kzalloc(sizeof(*instance) + sizeof(struct urb *) * (num_rcv_urbs + num_snd_urbs), GFP_KERNEL); + size = struct_size(instance, urbs, num_rcv_urbs + num_snd_urbs); + instance = kzalloc(size, GFP_KERNEL); if (!instance) return -ENOMEM; -- 2.27.0