| Message ID | 20230623211457.102544-7-Julia.Lawall@inria.fr (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | use array_size | expand |
On Fri, Jun 23, 2023 at 2:15 PM Julia Lawall <Julia.Lawall@inria.fr> wrote: > > Use array_size to protect against multiplication overflows. > > The changes were done using the following Coccinelle semantic patch: > > // <smpl> > @@ > size_t e1,e2; > expression COUNT; > identifier alloc = {vmalloc,vzalloc,kvmalloc,kvzalloc}; > @@ > > ( > alloc( > - (e1) * (e2) > + array_size(e1, e2) > ,...) > | > alloc( > - (e1) * (COUNT) > + array_size(COUNT, e1) > ,...) > ) > // </smpl> > > Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> Thanks for sending this out! Acked-by: John Stultz <jstultz@google.com>
diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/system_heap.c index ee7059399e9c..fb7867599874 100644 --- a/drivers/dma-buf/heaps/system_heap.c +++ b/drivers/dma-buf/heaps/system_heap.c @@ -221,7 +221,7 @@ static void *system_heap_do_vmap(struct system_heap_buffer *buffer) { struct sg_table *table = &buffer->sg_table; int npages = PAGE_ALIGN(buffer->len) / PAGE_SIZE; - struct page **pages = vmalloc(sizeof(struct page *) * npages); + struct page **pages = vmalloc(array_size(npages, sizeof(struct page *))); struct page **tmp = pages; struct sg_page_iter piter; void *vaddr;
Use array_size to protect against multiplication overflows. The changes were done using the following Coccinelle semantic patch: // <smpl> @@ size_t e1,e2; expression COUNT; identifier alloc = {vmalloc,vzalloc,kvmalloc,kvzalloc}; @@ ( alloc( - (e1) * (e2) + array_size(e1, e2) ,...) | alloc( - (e1) * (COUNT) + array_size(COUNT, e1) ,...) ) // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> --- drivers/dma-buf/heaps/system_heap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)