Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

drivers/bluetooth: btbcm: Use kmalloc_array() to prevent overflow 

Replace the open-coded multiplication in kmalloc() with a call
to kmalloc_array() to prevent potential integer overflows.

This is a mechanical change, replacing BCM_FW_NAME_LEN with
the type-safe sizeof(*fw_name) as the element size

Signed-off-by: Ayaan Mirza Baig <ayaanmirzabaig85@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This commit is contained in:
Ayaan Mirza Baig 2025-11-11 19:50:41 +05:30 committed by Luiz Augusto von Dentz
parent bc6f557b33
commit 6f7cf13ef6
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
drivers/bluetooth/btbcm.c
View File

@ -642,7 +642,9 @@ int btbcm_initialize(struct hci_dev *hdev, bool *fw_load_done, bool use_autobaud
snprintf(postfix, sizeof(postfix), "-%4.4x-%4.4x", vid, pid); snprintf(postfix, sizeof(postfix), "-%4.4x-%4.4x", vid, pid);
} }
fw_name = kmalloc(BCM_FW_NAME_COUNT_MAX * BCM_FW_NAME_LEN, GFP_KERNEL); fw_name = kmalloc_array(BCM_FW_NAME_COUNT_MAX,
sizeof(*fw_name),
GFP_KERNEL);
if (!fw_name) if (!fw_name)
return -ENOMEM; return -ENOMEM;