Message ID | 20230623211457.102544-21-Julia.Lawall@inria.fr (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | use array_size | expand |
On Fri, 23 Jun 2023, Julia Lawall wrote: > Use array_size to protect against multiplication overflows. > > The changes were done using the following Coccinelle semantic patch: > > // <smpl> > @@ > size_t e1,e2; > expression COUNT; > identifier alloc = {vmalloc,vzalloc,kvmalloc,kvzalloc}; > @@ > > ( > alloc( > - (e1) * (e2) > + array_size(e1, e2) > ,...) > | > alloc( > - (e1) * (COUNT) > + array_size(COUNT, e1) > ,...) > ) > // </smpl> > > Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> > > --- > drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c b/drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c > index 829df395c2ed..c72fc8111a11 100644 > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c > @@ -88,7 +88,7 @@ int vmw_devcaps_create(struct vmw_private *vmw) > uint32_t i; > > if (gb_objects) { > - vmw->devcaps = vzalloc(sizeof(uint32_t) * SVGA3D_DEVCAP_MAX); > + vmw->devcaps = vzalloc(array_size(SVGA3D_DEVCAP_MAX, sizeof(uint32_t))); > if (!vmw->devcaps) > return -ENOMEM; > for (i = 0; i < SVGA3D_DEVCAP_MAX; ++i) { Hello, I think this patch can be dropped, since it's a multiplication of two constants and no overflow should be possible. julia
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c b/drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c index 829df395c2ed..c72fc8111a11 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c @@ -88,7 +88,7 @@ int vmw_devcaps_create(struct vmw_private *vmw) uint32_t i; if (gb_objects) { - vmw->devcaps = vzalloc(sizeof(uint32_t) * SVGA3D_DEVCAP_MAX); + vmw->devcaps = vzalloc(array_size(SVGA3D_DEVCAP_MAX, sizeof(uint32_t))); if (!vmw->devcaps) return -ENOMEM; for (i = 0; i < SVGA3D_DEVCAP_MAX; ++i) {
Use array_size to protect against multiplication overflows. The changes were done using the following Coccinelle semantic patch: // <smpl> @@ size_t e1,e2; expression COUNT; identifier alloc = {vmalloc,vzalloc,kvmalloc,kvzalloc}; @@ ( alloc( - (e1) * (e2) + array_size(e1, e2) ,...) | alloc( - (e1) * (COUNT) + array_size(COUNT, e1) ,...) ) // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> --- drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)