Use array_size to protect against multiplication overflows.
The changes were done using the following Coccinelle semantic patch:
// <smpl>
@@
size_t e1,e2;
expression COUNT;
identifier alloc = {vmalloc,vzalloc,kvmalloc,kvzalloc};
@@
(
alloc(
- (e1) * (e2)
+ array_size(e1, e2)
,...)
|
alloc(
- (e1) * (COUNT)
+ array_size(COUNT, e1)
,...)
)
// </smpl>
Signed-off-by: Julia Lawall <julia.law...@inria.fr>
---
drivers/dma-buf/heaps/system_heap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/dma-buf/heaps/system_heap.c
b/drivers/dma-buf/heaps/system_heap.c
index ee7059399e9c..fb7867599874 100644
--- a/drivers/dma-buf/heaps/system_heap.c
+++ b/drivers/dma-buf/heaps/system_heap.c
@@ -221,7 +221,7 @@ static void *system_heap_do_vmap(struct system_heap_buffer
*buffer)
{
struct sg_table *table = &buffer->sg_table;
int npages = PAGE_ALIGN(buffer->len) / PAGE_SIZE;
- struct page **pages = vmalloc(sizeof(struct page *) * npages);
+ struct page **pages = vmalloc(array_size(npages, sizeof(struct page
*)));
struct page **tmp = pages;
struct sg_page_iter piter;
void *vaddr;
