Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 58901d18 authored by Dan Carpenter's avatar Dan Carpenter Committed by John W. Linville
Browse files

brcmfmac: use kcalloc() to prevent integer overflow 



The multiplication here looks like it could overflow.  I've changed it
to use kcalloc() to prevent that.

Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Acked-by: default avatarArend van Spriel <arend@broadcom.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 365d2ebc

drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c

+2 −2
Original line number Diff line number Diff line
@@ -3297,8 +3297,8 @@ brcmf_notify_sched_scan_results(struct brcmf_cfg80211_priv *cfg_priv, 
		int i;



		request = kzalloc(sizeof(*request), GFP_KERNEL);

		ssid = kzalloc(sizeof(*ssid) * result_count, GFP_KERNEL);

		channel = kzalloc(sizeof(*channel) * result_count, GFP_KERNEL);

		ssid = kcalloc(result_count, sizeof(*ssid), GFP_KERNEL);

		channel = kcalloc(result_count, sizeof(*channel), GFP_KERNEL);

		if (!request || !ssid || !channel) {

			err = -ENOMEM;

			goto out_err;