video: tegra: host: Fix overflow issue allocation
Mikko Perttunen [Fri, 27 Jan 2017 07:32:20 +0000 (09:32 +0200)]
Change kmalloc to kmalloc_array to prevent overflow issues
caused by large values supplied by user.

Based on "video: tegra: host: Fix overflow issues in allocation"
in nvhost/.

Coverity ID 27942
Bug 1856419

Change-Id: I5e96d0ec184543782dfe8814ad7e856b3b71221c
Signed-off-by: Mikko Perttunen <mperttunen@nvidia.com>
Reviewed-on: http://git-master/r/1295062
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>

drivers/video/tegra/host/host1x/host1x.c

index 5631189..5222194 100644 (file)
@@ -206,11 +206,11 @@ static int nvhost_ioctl_ctrl_sync_fence_create(struct nvhost_ctrl_userctx *ctx,
                name[0] = '\0';
        }
 
-       pts = kmalloc(sizeof(*pts) * args->num_pts, GFP_KERNEL);
+       pts = kmalloc_array(args->num_pts, sizeof(*pts), GFP_KERNEL);
        if (!pts)
                return -ENOMEM;
 
-
+       /* Multiplication overflow would have errored in kmalloc_array */
        if (copy_from_user(pts, args_pts, sizeof(*pts) * args->num_pts)) {
                err = -EFAULT;
                goto out;
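Review bot: args->num_pts is still not range-checked ahead of the kmalloc_array() call, so the multiplication overflow is covered but zero and very large counts are not. With num_pts == 0, kmalloc_array() returns ZERO_SIZE_PTR, which passes the `if (!pts)` test, and the function carries on with a buffer that must never be dereferenced; a large count that does not overflow is attempted as a real allocation before it fails with -ENOMEM. Consider rejecting both cases up front with -EINVAL (no maximum is visible in this hunk, so one would have to be defined). Separately, the copy_from_user() length still repeats `sizeof(*pts) * args->num_pts` and is only safe because of the earlier allocation check that the new comment describes; storing the byte count in a size_t once the allocation has succeeded and passing that to copy_from_user() would keep the two from drifting apart if the code is later reordered.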