Use array_size to protect against multiplication overflows.
The changes were done using the following Coccinelle semantic patch:
// <smpl> @@ size_t e1,e2; expression COUNT; identifier alloc = {vmalloc,vzalloc,kvmalloc,kvzalloc}; @@
( alloc( - (e1) * (e2) + array_size(e1, e2) ,...) | alloc( - (e1) * (COUNT) + array_size(COUNT, e1) ,...) ) // </smpl>
Signed-off-by: Julia Lawall Julia.Lawall@inria.fr
--- drivers/dma-buf/heaps/system_heap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/system_heap.c index ee7059399e9c..fb7867599874 100644 --- a/drivers/dma-buf/heaps/system_heap.c +++ b/drivers/dma-buf/heaps/system_heap.c @@ -221,7 +221,7 @@ static void *system_heap_do_vmap(struct system_heap_buffer *buffer) { struct sg_table *table = &buffer->sg_table; int npages = PAGE_ALIGN(buffer->len) / PAGE_SIZE; - struct page **pages = vmalloc(sizeof(struct page *) * npages); + struct page **pages = vmalloc(array_size(npages, sizeof(struct page *))); struct page **tmp = pages; struct sg_page_iter piter; void *vaddr;