[Drbd-dev] [patch] drbd: potential integer overflow in receive_SyncParam()
Dan Carpenter
dan.carpenter at oracle.com
Tue Jun 12 09:43:11 CEST 2012
I believe this comes from the network so there is a risk of integer
overflow on 32 bit. Using kcalloc() is a little cleaner as well.
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
index ea4836e..1e27876 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -2902,7 +2902,7 @@ static int receive_SyncParam(struct drbd_conf *mdev, enum drbd_packets cmd, unsi
fifo_size = (mdev->sync_conf.c_plan_ahead * 10 * SLEEP_TIME) / HZ;
if (fifo_size != mdev->rs_plan_s.size && fifo_size > 0) {
- rs_plan_s = kzalloc(sizeof(int) * fifo_size, GFP_KERNEL);
+ rs_plan_s = kcalloc(fifo_size, sizeof(int), GFP_KERNEL);
if (!rs_plan_s) {
dev_err(DEV, "kmalloc of fifo_buffer failed");
goto disconnect;
More information about the drbd-dev
mailing list