brcmfmac: use kcalloc() to prevent integer overflow

The multiplication here looks like it could overflow. I've changed it to use kcalloc() to prevent that. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Acked-by: N Arend van Spriel <arend@broadcom.com> Signed-off-by: N John W. Linville <linville@tuxdriver.com>

brcmfmac: use kcalloc() to prevent integer overflow
The multiplication here looks like it could overflow. I've changed it to use kcalloc() to prevent that. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Acked-by: N Arend van Spriel <arend@broadcom.com> Signed-off-by: N John W. Linville <linville@tuxdriver.com>
58901d18 · Dan Carpenter · John W. Linville · 365d2ebc · 58901d18
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c +2 -2

未找到文件。
--- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
@@ -3297,8 +3297,8 @@ brcmf_notify_sched_scan_results(struct brcmf_cfg80211_priv *cfg_priv,
 		int i;

 		request = kzalloc(sizeof(*request), GFP_KERNEL);
-		ssid = kzalloc(sizeof(*ssid) * result_count, GFP_KERNEL);
-		channel = kzalloc(sizeof(*channel) * result_count, GFP_KERNEL);
+		ssid = kcalloc(result_count, sizeof(*ssid), GFP_KERNEL);
+		channel = kcalloc(result_count, sizeof(*channel), GFP_KERNEL);
 		if (!request || !ssid || !channel) {
 			err = -ENOMEM;
 			goto out_err;