kmalloc_array()/kcalloc() should be used to avoid potential overflow when a multiplication is needed to compute the size of the requested memory. kmalloc_array() can be used here instead of kcalloc() because the array is fully initialized in the next 'for' loop. Finally, 'cd->detectors' is defined as 'struct pri_detector **detectors;'. So 'cd->detectors' and '*cd->detectors' are both some pointer. So use a more logical 'sizeof(*cd->detectors)'.
Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
---
 drivers/net/wireless/ath/dfs_pattern_detector.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/ath/dfs_pattern_detector.c b/drivers/net/wireless/ath/dfs_pattern_detector.c
index 75cb53a3ec15..27f4d74a41c8 100644
--- a/drivers/net/wireless/ath/dfs_pattern_detector.c
+++ b/drivers/net/wireless/ath/dfs_pattern_detector.c
@@ -197,7 +197,7 @@ static void channel_detector_exit(struct dfs_pattern_detector *dpd,
 static struct channel_detector *
 channel_detector_create(struct dfs_pattern_detector *dpd, u16 freq)
 {
- u32 sz, i;
+ u32 i;
 struct channel_detector *cd;
 cd = kmalloc(sizeof(*cd), GFP_ATOMIC);
@@ -206,8 +206,8 @@ channel_detector_create(struct dfs_pattern_detector *dpd, u16 freq)
 INIT_LIST_HEAD(&cd->head);
 cd->freq = freq;
- sz = sizeof(cd->detectors) * dpd->num_radar_types;
- cd->detectors = kzalloc(sz, GFP_ATOMIC);
+ cd->detectors = kmalloc_array(dpd->num_radar_types,
+ sizeof(*cd->detectors), GFP_ATOMIC);
 if (cd->detectors == NULL)
 goto fail;
-- 
2.32.0
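Review bot: In the second hunk, `kmalloc_array()` drops the zeroing that `kzalloc()` gave `cd->detectors`, and the commit message's "fully initialized in the next 'for' loop" only holds on the success path. The loop and the `fail:` label are outside the hunk, so this is inferred: if a detector allocation fails part-way through and the error path releases `cd` through `channel_detector_exit()` (named in the first hunk header), a cleanup that tests each slot for NULL would read uninitialised pointers in the unfilled slots and could call through them. `kcalloc()` keeps both the overflow check and the zeroing: `cd->detectors = kcalloc(dpd->num_radar_types, sizeof(*cd->detectors), GFP_ATOMIC);`.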