* [patch] drbd: potential integer overflow in receive_SyncParam()
@ 2012-06-12 7:43 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2012-06-12 7:43 UTC (permalink / raw)
To: kernel-janitors
I believe this comes from the network so there is a risk of integer
overflow on 32 bit. Using kcalloc() is a little cleaner as well.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
index ea4836e..1e27876 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -2902,7 +2902,7 @@ static int receive_SyncParam(struct drbd_conf *mdev, enum drbd_packets cmd, unsi
fifo_size = (mdev->sync_conf.c_plan_ahead * 10 * SLEEP_TIME) / HZ;
if (fifo_size != mdev->rs_plan_s.size && fifo_size > 0) {
- rs_plan_s = kzalloc(sizeof(int) * fifo_size, GFP_KERNEL);
+ rs_plan_s = kcalloc(fifo_size, sizeof(int), GFP_KERNEL);
if (!rs_plan_s) {
dev_err(DEV, "kmalloc of fifo_buffer failed");
goto disconnect;
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2012-06-12 7:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-06-12 7:43 [patch] drbd: potential integer overflow in receive_SyncParam() Dan Carpenter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.