Use array_size to protect against multiplication overflows.
The changes were done using the following Coccinelle semantic patch:
// <smpl>
@@
size_t e1,e2;
expression COUNT;
identifier alloc = {vmalloc,vzalloc,kvmalloc,kvzalloc};
@@
(
alloc(
- (e1) * (e2)
+ array_size(e1, e2)
,...)
|
alloc(
- (e1) * (COUNT)
+ array_size(COUNT, e1)
,...)
)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
drivers/net/ethernet/google/gve/gve_tx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/google/gve/gve_tx.c b/drivers/net/ethernet/google/gve/gve_tx.c
index 813da572abca..d77ebbb24936 100644
--- a/drivers/net/ethernet/google/gve/gve_tx.c
+++ b/drivers/net/ethernet/google/gve/gve_tx.c
@@ -248,7 +248,7 @@ static int gve_tx_alloc_ring(struct gve_priv *priv, int idx)
tx->mask = slots - 1;
/* alloc metadata */
- tx->info = vzalloc(sizeof(*tx->info) * slots);
+ tx->info = vzalloc(array_size(slots, sizeof(*tx->info)));
if (!tx->info)
return -ENOMEM;
On Fri, Jun 23, 2023 at 11:14:35PM +0200, Julia Lawall wrote:
> Use array_size to protect against multiplication overflows.
>
> The changes were done using the following Coccinelle semantic patch:
>
> // <smpl>
> @@
> size_t e1,e2;
> expression COUNT;
> identifier alloc = {vmalloc,vzalloc,kvmalloc,kvzalloc};
> @@
>
> (
> alloc(
> - (e1) * (e2)
> + array_size(e1, e2)
> ,...)
> |
> alloc(
> - (e1) * (COUNT)
> + array_size(COUNT, e1)
> ,...)
> )
> // </smpl>
>
> Signed-off-by: Julia Lawall <[email protected]>
Reviewed-by: Simon Horman <[email protected]>