lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20260129093202.595963-1-jindongyang@kylinos.cn>
Date: Thu, 29 Jan 2026 17:32:02 +0800
From: jindongyang <jindongyang@...inos.cn>
To: gregkh@...uxfoundation.org
Cc: linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	jindongyang <jindongyang@...inos.cn>
Subject: [PATCH] drivers/usb: misc: use kmalloc_array() instead of kmalloc() to prevent overflow

Documentation/process/deprecated.rst recommends against the use of
kmalloc with dynamic size calculations due to the risk of overflow.

Replace kmalloc() with kmalloc_array() in adutux.c to make the
intended allocation size clearer and avoid potential overflow issues.

No functional change intended.

Signed-off-by: jindongyang <jindongyang@...inos.cn>
---
 drivers/usb/misc/adutux.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/misc/adutux.c b/drivers/usb/misc/adutux.c
index ed6a19254d2f..000a3ade7432 100644
--- a/drivers/usb/misc/adutux.c
+++ b/drivers/usb/misc/adutux.c
@@ -680,7 +680,7 @@ static int adu_probe(struct usb_interface *interface,
 	in_end_size = usb_endpoint_maxp(dev->interrupt_in_endpoint);
 	out_end_size = usb_endpoint_maxp(dev->interrupt_out_endpoint);
 
-	dev->read_buffer_primary = kmalloc((4 * in_end_size), GFP_KERNEL);
+	dev->read_buffer_primary = kmalloc_array(4, in_end_size, GFP_KERNEL);
 	if (!dev->read_buffer_primary)
 		goto error;
 
@@ -690,7 +690,7 @@ static int adu_probe(struct usb_interface *interface,
 	memset(dev->read_buffer_primary + (2 * in_end_size), 'c', in_end_size);
 	memset(dev->read_buffer_primary + (3 * in_end_size), 'd', in_end_size);
 
-	dev->read_buffer_secondary = kmalloc((4 * in_end_size), GFP_KERNEL);
+	dev->read_buffer_secondary = kmalloc_array(4, in_end_size, GFP_KERNEL);
 	if (!dev->read_buffer_secondary)
 		goto error;
 
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ