Gustavo A. R. Silva <gustavo...@kernel.org> wrote:
> Use array3_size() helper instead of the open-coded version in
> afs_extract_to_buf(). These sorts of multiplication factors need
> to be wrapped in array3_size().
For afs_deliver_cb_callback(), this adds redundant checking, as does the one
on the kmalloc() on the preceding line:
call->buffer = kmalloc(array3_size(call->count, 3, 4),
GFP_KERNEL);
if (!call->buffer)
return -ENOMEM;
because directly above them is a range check:
if (call->count > AFSCBMAX)
return afs_protocol_error(call,
afs_eproto_cb_fid_count);
limiting the array size to 50.
Further, note that it's *not* a 3D array. 3 * 4 is the element size and is
constant. I've written it that way as the block is 3 XDR units, but the block
size is actually 12 bytes.
The one in the kmalloc() should also not be using array3_size() for the same
reason.
David
