Use array_size to protect against multiplication overflows.

The changes were done using the following Coccinelle semantic patch:

// <smpl>
@@
    expression E1, E2;
    constant C1, C2;
    identifier alloc = {vmalloc,vzalloc};
@@
    
(
      alloc(C1 * C2,...)
|
      alloc(
-           (E1) * (E2)
+           array_size(E1, E2)
      ,...)
)
// </smpl>

Signed-off-by: Julia Lawall <julia.law...@inria.fr>

---
 drivers/gpu/drm/i915/gvt/gtt.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
index 4ec85308379a..df52385ad436 100644
--- a/drivers/gpu/drm/i915/gvt/gtt.c
+++ b/drivers/gpu/drm/i915/gvt/gtt.c
@@ -1969,14 +1969,16 @@ static struct intel_vgpu_mm *intel_vgpu_create_ggtt_mm(struct intel_vgpu *vgpu)
                return ERR_PTR(-ENOMEM);
        }
 
-       mm->ggtt_mm.host_ggtt_aperture = vzalloc((vgpu_aperture_sz(vgpu) >> PAGE_SHIFT) * sizeof(u64));
+       mm->ggtt_mm.host_ggtt_aperture =
+               vzalloc(array_size(vgpu_aperture_sz(vgpu) >> PAGE_SHIFT, sizeof(u64)));
        if (!mm->ggtt_mm.host_ggtt_aperture) {
                vfree(mm->ggtt_mm.virtual_ggtt);
                vgpu_free_mm(mm);
                return ERR_PTR(-ENOMEM);
        }
 
-       mm->ggtt_mm.host_ggtt_hidden = vzalloc((vgpu_hidden_sz(vgpu) >> PAGE_SHIFT) * sizeof(u64));
+       mm->ggtt_mm.host_ggtt_hidden =
+               vzalloc(array_size(vgpu_hidden_sz(vgpu) >> PAGE_SHIFT, sizeof(u64)));
        if (!mm->ggtt_mm.host_ggtt_hidden) {
                vfree(mm->ggtt_mm.host_ggtt_aperture);
                vfree(mm->ggtt_mm.virtual_ggtt);
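Review bot: The overflow check added in both `vzalloc(array_size(...))` calls covers only the multiplication, because `array_size()` takes `size_t` operands; if `vgpu_aperture_sz(vgpu)` or `vgpu_hidden_sz(vgpu)` yields a type wider than `size_t` (their definitions are not visible here), the shifted page count would be narrowed before the check runs. On overflow `array_size()` saturates to `SIZE_MAX`, so `vzalloc()` fails and the existing `-ENOMEM` paths handle it without extra error handling. As a style point, the element size could follow the destination, e.g. `sizeof(*mm->ggtt_mm.host_ggtt_aperture)` instead of `sizeof(u64)`, so the allocation stays correct if the field type changes. intel_vgpu_create_ggtt_mm() starts before this hunk and continues past it.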
