brcmfmac: use kcalloc() to prevent integer overflow

The multiplication here looks like it could overflow. I've changed it to use kcalloc() to prevent that. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>

brcmfmac: use kcalloc() to prevent integer overflow
The multiplication here looks like it could overflow. I've changed it to use kcalloc() to prevent that. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
58901d18 · Dan Carpenter · John W. Linville · 365d2ebc · 58901d18
Commit 58901d18 authored Sep 26, 2012 by Dan Carpenter Committed by John W. Linville Sep 28, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c +2 -2

No files found.
--- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
@@ -3297,8 +3297,8 @@ brcmf_notify_sched_scan_results(struct brcmf_cfg80211_priv *cfg_priv,
 		int i;

 		request = kzalloc(sizeof(*request), GFP_KERNEL);
-		ssid = kzalloc(sizeof(*ssid) * result_count, GFP_KERNEL);
-		channel = kzalloc(sizeof(*channel) * result_count, GFP_KERNEL);
+		ssid = kcalloc(result_count, sizeof(*ssid), GFP_KERNEL);
+		channel = kcalloc(result_count, sizeof(*channel), GFP_KERNEL);
 		if (!request || !ssid || !channel) {
 			err = -ENOMEM;
 			goto out_err;