drivers/bluetooth: btbcm: Use kmalloc_array() to prevent overflow

Replace the open-coded multiplication in kmalloc() with a call
to kmalloc_array() to prevent potential integer overflows.

This is a mechanical change, replacing BCM_FW_NAME_LEN with
the type-safe sizeof(*fw_name) as the element size

Signed-off-by: Ayaan Mirza Baig <ayaanmirzabaig85@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

diff --git a/drivers/bluetooth/btbcm.c b/drivers/bluetooth/btbcm.c
index 3a3a56ddbb06d05f4b7572d0c90ff90fa60ced6f..d33cc70eec66206a0455d490da9598232e619bd7 100644 (file)
--- a/drivers/bluetooth/btbcm.c
+++ b/drivers/bluetooth/btbcm.c
@@ -642,7 +642,9 @@ int btbcm_initialize(struct hci_dev *hdev, bool *fw_load_done, bool use_autobaud
                snprintf(postfix, sizeof(postfix), "-%4.4x-%4.4x", vid, pid);
        }
 
-       fw_name = kmalloc(BCM_FW_NAME_COUNT_MAX * BCM_FW_NAME_LEN, GFP_KERNEL);
+       fw_name = kmalloc_array(BCM_FW_NAME_COUNT_MAX,
+               sizeof(*fw_name),
+               GFP_KERNEL);
        if (!fw_name)
                return -ENOMEM;