The vmemdup_user() function has no 2-factor argument form. Use array_size()
to check for the overflow.
Cc: Kees Cook <keesc...@chromium.org>
Signed-off-by: Denis Efremov <efre...@linux.com>
---
drivers/tty/vt/consolemap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
index b28aa0d289f8..32acea9e8270 100644
--- a/drivers/tty/vt/consolemap.c
+++ b/drivers/tty/vt/consolemap.c
@@ -542,7 +542,7 @@ int con_set_unimap(struct vc_data *vc, ushort ct, struct
unipair __user *list)
if (!ct)
return 0;
- unilist = vmemdup_user(list, ct * sizeof(struct unipair));
+ unilist = vmemdup_user(list, array_size(sizeof(struct unipair), ct));
if (IS_ERR(unilist))
return PTR_ERR(unilist);
--
2.26.2
