On Mon, 2019-01-28 at 14:44 +0800, YueHaibing wrote:
> Use struct_size() in kzalloc instead of the 'regd_to_copy'
There is also the use above that in the same function that could also be converted. /* build a regdomain rule for every valid channel */ size_of_regd = sizeof(struct ieee80211_regdomain) + num_of_ch * sizeof(struct ieee80211_reg_rule); regd = kzalloc(size_of_regd, GFP_KERNEL); if (!regd) return ERR_PTR(-ENOMEM);
> diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c b/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c
[]
> @@ -1093,7 +1093,7 @@ iwl_parse_nvm_mcc_info(struct device *dev, const struct iwl_cfg *cfg,
> const u8 *nvm_chan = cfg->nvm_type == IWL_NVM_EXT ?
> iwl_ext_nvm_channels : iwl_nvm_channels;
> struct ieee80211_regdomain *regd, *copy_rd;
> - int size_of_regd, regd_to_copy;
> + int size_of_regd;
> struct ieee80211_reg_rule *rule;
> struct regdb_ptrs *regdb_ptrs;
> enum nl80211_band band;
> @@ -1193,10 +1193,8 @@ iwl_parse_nvm_mcc_info(struct device *dev, const struct iwl_cfg *cfg,
> * Narrow down regdom for unused regulatory rules to prevent hole
> * between reg rules to wmm rules.
> */
> - regd_to_copy = sizeof(struct ieee80211_regdomain) +
> - valid_rules * sizeof(struct ieee80211_reg_rule);
> -
> - copy_rd = kmemdup(regd, regd_to_copy, GFP_KERNEL);
> + copy_rd = kmemdup(regd, struct_size(regd, reg_rules, valid_rules),
> + GFP_KERNEL);
> if (!copy_rd)
> copy_rd = ERR_PTR(-ENOMEM);
>
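Review bot: The new `kmemdup(regd, struct_size(regd, reg_rules, valid_rules), GFP_KERNEL)` call in the second hunk reads `valid_rules` rules out of `regd`, so it stays in bounds only while `valid_rules` does not exceed the rule count `regd` was allocated with (`num_of_ch` in the allocation quoted in the reply), and nothing in the hunk shows that bound. struct_size() saturates on arithmetic overflow, which makes an oversized request fail in the allocator, but it does not check the length against the size of the source object. `valid_rules` is computed outside the hunk, so the bound is presumably guaranteed by the code that fills the rules; a comment above the copy such as `/* valid_rules <= num_of_ch: the copy stays inside regd */` would record the invariant. The body of iwl_parse_nvm_mcc_info starts and ends outside the hunk.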