Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp1152653pxb; Sun, 22 Aug 2021 07:30:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxX1/4pjQ4Pl2AGs0IO0aZMAivdpcXQ7++7WchPULgDbT5KkHa7WEyNQmg/n4CKmQnpOsOI X-Received: by 2002:a02:2a88:: with SMTP id w130mr25652439jaw.60.1629642657054; Sun, 22 Aug 2021 07:30:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629642657; cv=none; d=google.com; s=arc-20160816; b=w7EGcHPCs7BuccHP0BL5N3CtOuwDPNTv4zAH2z0rHOE7KX+9MhfDwdnPXStzltDZ+O qm1qiES4u/aRmMtREZLVcsZhi7imr8JzQAGAwQFdAiKUwiZA8AiV29W+GtpPMOluTbL/ mzJajisVMwoLw3TxfziCDxkRHZGZYCY0ADXNLOGka/fN6VFNbWyTZLTEYGEJRZ0uQCHu yXdsYvFJbItaWZ3IS2JsTQVB0vkJgQX+PlQtEsEql65Jzj511BaquJmVaLYzJRA+9I/O Gs0tdO+Y+MesoeVJcYuWjTgBMrAXdRHnvCguuuzjqCmNKjO4IKHoYhKMQ/GgSnCaO7e8 d5gA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=3yMku7g59w/Z7vs2b7asUavJ45OhYpGSZmbseJL1MmA=; b=G1N19TzI020L8pDuVvYKoZyK2Nj/vQYnLEYL2vTli3Qgu567/OX5QLcq4aq9mhLlni uqzELGn30d2JEErwQBVo7bVpyQuM439q/OsDCSSzwRm6GFsKmVle5Hvavfq/yFiRCDfC 8oEEZ8PuOZBZ9D3SVteHH8QQWemQwAVeia3F1lekjf5SCcFEKfpAM/8YGxdnqjgn4OwQ FHOglwOZ1O1zFwL8i3SIxm6ysNdsG25jMPVGg5CwTIEJJAgCFSy7Y/R9w3yawc4b0xgY H6kC1x26G4T7HXuj5aRclfWsF3VUKPPRSRV10RHhkYaFEiAAcLY9cWVVsBZj938Eqlka hyzA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmx.net header.s=badeba3b8450 header.b=gKM0u4b4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmx.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i4si41060ila.157.2021.08.22.07.30.39; Sun, 22 Aug 2021 07:30:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmx.net header.s=badeba3b8450 header.b=gKM0u4b4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmx.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233404AbhHVOaL (ORCPT + 99 others); Sun, 22 Aug 2021 10:30:11 -0400 Received: from mout.gmx.net ([212.227.17.20]:54793 "EHLO mout.gmx.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232003AbhHVOaK (ORCPT ); Sun, 22 Aug 2021 10:30:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1629642564; bh=qgl7lJStS+005yGjkk6fF/fD8RNwVNKYgDY82cD7XbE=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:In-Reply-To:References; b=gKM0u4b4J4tYlXkKApojb6DdGx7lbVtT7Qudx2DZ3EPtdVPIBWocxAKHwRxv+8GF0 WEPxn620OFDy4T5dhHxucFhK/GtY7PtNL69E2Fxh25lBednuWafYh6+dDYLJX1Sv98 K+tunMFjXej5DfqCnvnGUuIJXTAiE0p7Xk1RkQKk= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from localhost.localdomain ([79.150.72.99]) by mail.gmx.net (mrgmx104 [212.227.17.174]) with ESMTPSA (Nemesis) id 1MyKDU-1nGLeh3JJE-00ygsc; Sun, 22 Aug 2021 16:29:23 +0200 From: Len Baker To: Greg Kroah-Hartman Cc: Len Baker , Kees Cook , Michael Straube , Lee Jones , linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH 2/2] staging/rtl8192u: Prefer kcalloc over open coded arithmetic Date: Sun, 22 Aug 2021 16:28:20 +0200 Message-Id: <20210822142820.5109-3-len.baker@gmx.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210822142820.5109-1-len.baker@gmx.com> References: <20210822142820.5109-1-len.baker@gmx.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:/B/R2NoiAsjs4dDhAM7hbX+batYy1t+8T2cJ3GwZQXsvTVWTZF+ aJ/lDy/4CtESgwUMVOE0yAIA4Gzc7ulUcZM9C5n0KuTB/xcazAzyhmvwJLBk2847+gNNOUY 0p5uL6CCM31yZSoutql2vMcjmTBy53SLsGQ+fAn3cNH3FpLtQWOwPT9wBajzNa17gjAbCIo FqHm5k5d5SSKflH8wZ4Hg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:cvpceODj6WE=:0/9rcMhe8pn2pueFu8w1kw QJXlLj2v9m86sPRLFNHFiKir4teShLcEMbFgdkvCLcAN6tiicA+mfjdE4EOqrEuOF31j3mzKn 7m68zoT6CgP12Y9ntaD2Woy3dbqfEBQdzcdIKauzaMWyjM2G7S2up5svQks0+E7S/xwYyg3K3 AugoH6dH9gWULBVCps03xjc1bwLl4Ga86pbORND9JWF2FYkJ7tXFItpWYQrXcfJqYiWl+Bpuw Inx9NGxAkQP5WMrctMTP8mvSkxioN9fwZGbW2z/NNTRU794KWHcZJp15sNnzpjcJJkbPwSaF8 aVv8px/0c1mPbYZEtRhJGzf6vFc+NEKYZciJUenCIVlCqGYFPK+1/43oPDP30MbpSyG21XQ/n EocENCSXZmINnBi7fgxm47RWfAQ3tYjsrF2QIiM7txRx7HjGjiN01CVi8f4sPU1nvQIK50zI+ sHznu2f/j7JGxWSgu/KvZkUcO5Y3kIY8BzQFhTZVK4VX+hU0gD46WxEz2s1/Y+wKhvITTVUxo BguCiEys1nf6i/2ZD1qS+qp/S2PQXkjJPSDD0rvZSwjAFI5cmXdgmy4rFAc5St7cbigBolSna acUr7Fhb3gCd4kIcuni+kj8TfA2AQwGx65hmUQEc5Blgm5u43SQdNXBKhdUOiv3TgIsZ+J77S ykLaqJ+fKXOt0tK7O+1CLwpLwmg29jlulYA0hEp2udsvKRgbEkCjd1JuQTwTmvwxUn7nkFVsG iyzhoHawPoPyWQuIV/E8NxX/btVlKwuv2zZc5EqfmTLYq4uJHtNyBaI41EHcVm1+77jWwKy2v h3TQC7U+RrWF9uhcS9BZQy2MO+jERVT+BuscOTO3xsMeV+EHrsWBZHHIKQEEdjDf6vJQSma6R BDfWOxdrm4hbhVP0BofideYXE61MUYq96cBNDaiaNFm+ItU7uClVAn85YB2gPJRunDpMezjyl 0B8b/foDN8ns7HiktVj02ZbNU+pAt+HAxnTmXztKuFsaSY6qJntTep6d7H6iVZy3rLvlLX4Da d/TffKC33wrIN2Vf8qLBzD7Nh58PYT0GrD9eZuivf5Y5MHlrll9FTzFw3BygPVOlZ7jvFOMSk vh0wnwW2LjbyxH26L8H3uRT31J/TQvhgmlL4mkG2H0/JvipefTj2lU52w== Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Dynamic size calculations (especially multiplication) should not be performed in memory allocator (or similar) function arguments due to the risk of them overflowing. This could lead to values wrapping around and a smaller allocation being made than the caller was expecting. Using those allocations could lead to linear overflows of heap memory and other misbehaviors. So, use the purpose specific kcalloc() function instead of the argument size * count in the kzalloc() function. Signed-off-by: Len Baker =2D-- drivers/staging/rtl8192u/r819xU_phy.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/staging/rtl8192u/r819xU_phy.c b/drivers/staging/rtl81= 92u/r819xU_phy.c index ff6fe2ee3349..97f4d89500ae 100644 =2D-- a/drivers/staging/rtl8192u/r819xU_phy.c +++ b/drivers/staging/rtl8192u/r819xU_phy.c @@ -1195,17 +1195,17 @@ static u8 rtl8192_phy_SwChnlStepByStep(struct net_= device *dev, u8 channel, u8 e_rfpath; bool ret; - pre_cmd =3D kzalloc(sizeof(*pre_cmd) * MAX_PRECMD_CNT, GFP_KERNEL); + pre_cmd =3D kcalloc(MAX_PRECMD_CNT, sizeof(*pre_cmd), GFP_KERNEL); if (!pre_cmd) return false; - post_cmd =3D kzalloc(sizeof(*post_cmd) * MAX_POSTCMD_CNT, GFP_KERNEL); + post_cmd =3D kcalloc(MAX_POSTCMD_CNT, sizeof(*post_cmd), GFP_KERNEL); if (!post_cmd) { kfree(pre_cmd); return false; } - rf_cmd =3D kzalloc(sizeof(*rf_cmd) * MAX_RFDEPENDCMD_CNT, GFP_KERNEL); + rf_cmd =3D kcalloc(MAX_RFDEPENDCMD_CNT, sizeof(*rf_cmd), GFP_KERNEL); if (!rf_cmd) { kfree(pre_cmd); kfree(post_cmd); =2D- 2.25.1