asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

brcmfmac: use kcalloc() to prevent integer overflow

Browse source 
The multiplication here looks like it could overflow.  I've changed it
to use kcalloc() to prevent that.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Dan Carpenter 2012-09-26 10:21:48 +03:00 committed by John W. Linville
parent 365d2ebcab
commit 58901d181f
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
View file

@ -3297,8 +3297,8 @@ brcmf_notify_sched_scan_results(struct brcmf_cfg80211_priv *cfg_priv,
int i;
request = kzalloc(sizeof(*request), GFP_KERNEL);
ssid = kzalloc(sizeof(*ssid) * result_count, GFP_KERNEL);
channel = kzalloc(sizeof(*channel) * result_count, GFP_KERNEL);
ssid = kcalloc(result_count, sizeof(*ssid), GFP_KERNEL);
channel = kcalloc(result_count, sizeof(*channel), GFP_KERNEL);
if (!request || !ssid || !channel) {
err = -ENOMEM;
goto out_err;