Commit 58901d18 authored by Dan Carpenter's avatar Dan Carpenter Committed by John W. Linville
Browse files

brcmfmac: use kcalloc() to prevent integer overflow



The multiplication here looks like it could overflow.  I've changed it
to use kcalloc() to prevent that.
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Acked-by: default avatarArend van Spriel <arend@broadcom.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 365d2ebc
...@@ -3297,8 +3297,8 @@ brcmf_notify_sched_scan_results(struct brcmf_cfg80211_priv *cfg_priv, ...@@ -3297,8 +3297,8 @@ brcmf_notify_sched_scan_results(struct brcmf_cfg80211_priv *cfg_priv,
int i; int i;
request = kzalloc(sizeof(*request), GFP_KERNEL); request = kzalloc(sizeof(*request), GFP_KERNEL);
ssid = kzalloc(sizeof(*ssid) * result_count, GFP_KERNEL); ssid = kcalloc(result_count, sizeof(*ssid), GFP_KERNEL);
channel = kzalloc(sizeof(*channel) * result_count, GFP_KERNEL); channel = kcalloc(result_count, sizeof(*channel), GFP_KERNEL);
if (!request || !ssid || !channel) { if (!request || !ssid || !channel) {
err = -ENOMEM; err = -ENOMEM;
goto out_err; goto out_err;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment