Commit 6f7cf13e authored by Ayaan Mirza Baig's avatar Ayaan Mirza Baig Committed by Luiz Augusto von Dentz
Browse files

drivers/bluetooth: btbcm: Use kmalloc_array() to prevent overflow 



Replace the open-coded multiplication in kmalloc() with a call
to kmalloc_array() to prevent potential integer overflows.

This is a mechanical change, replacing BCM_FW_NAME_LEN with
the type-safe sizeof(*fw_name) as the element size

Signed-off-by: default avatarAyaan Mirza Baig <ayaanmirzabaig85@gmail.com>
Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
parent bc6f557b

drivers/bluetooth/btbcm.c

+3 −1
Original line number Diff line number Diff line
@@ -642,7 +642,9 @@ int btbcm_initialize(struct hci_dev *hdev, bool *fw_load_done, bool use_autobaud 
		snprintf(postfix, sizeof(postfix), "-%4.4x-%4.4x", vid, pid);

	}



	fw_name = kmalloc(BCM_FW_NAME_COUNT_MAX * BCM_FW_NAME_LEN, GFP_KERNEL);

	fw_name = kmalloc_array(BCM_FW_NAME_COUNT_MAX,

		sizeof(*fw_name),

		GFP_KERNEL);

	if (!fw_name)

		return -ENOMEM;