Assign array_size() to variable _size_ and use it in both vmalloc() and memset(). These sorts of multiplication factors need to be wrapped in array_size(). This issue was found with the help of Coccinelle and, audited and fixed manually. Addresses-KSPP-ID: https://github.com/KSPP/linux/issues/83 Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx> --- fs/reiserfs/bitmap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/reiserfs/bitmap.c b/fs/reiserfs/bitmap.c index bf708ac287b4..3ca601893d2e 100644 --- a/fs/reiserfs/bitmap.c +++ b/fs/reiserfs/bitmap.c @@ -1455,12 +1455,13 @@ int reiserfs_init_bitmap_cache(struct super_block *sb) { struct reiserfs_bitmap_info *bitmap; unsigned int bmap_nr = reiserfs_bmap_count(sb); + size_t size = array_size(bmap_nr, sizeof(*bitmap)); - bitmap = vmalloc(array_size(bmap_nr, sizeof(*bitmap))); + bitmap = vmalloc(size); if (bitmap == NULL) return -ENOMEM; - memset(bitmap, 0xff, sizeof(*bitmap) * bmap_nr); + memset(bitmap, 0xff, size); SB_AP_BITMAP(sb) = bitmap; -- 2.27.0
