1. Patchew
  2. linux
  3. View series

[PATCH] usb: misc: adutux: replace kmalloc() with kmalloc_array()

Ethan Carter Edwards posted 1 patch 9 months, 1 week ago 
drivers/usb/misc/adutux.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[PATCH] usb: misc: adutux: replace kmalloc() with kmalloc_array()
Posted by Ethan Carter Edwards 9 months, 1 week ago 
Replace kmalloc with internal multiplication with kmalloc_array to
improve code readability and prevent potential overflows.

Signed-off-by: Ethan Carter Edwards <ethan@ethancedwards.com>
---
 drivers/usb/misc/adutux.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/misc/adutux.c b/drivers/usb/misc/adutux.c
index ed6a19254d2ff9fead898adad0b3996822e10167..000a3ade743258f381d85397395a43c28a8481cc 100644
--- a/drivers/usb/misc/adutux.c
+++ b/drivers/usb/misc/adutux.c
@@ -680,7 +680,7 @@ static int adu_probe(struct usb_interface *interface,
 	in_end_size = usb_endpoint_maxp(dev->interrupt_in_endpoint);
 	out_end_size = usb_endpoint_maxp(dev->interrupt_out_endpoint);
 
-	dev->read_buffer_primary = kmalloc((4 * in_end_size), GFP_KERNEL);
+	dev->read_buffer_primary = kmalloc_array(4, in_end_size, GFP_KERNEL);
 	if (!dev->read_buffer_primary)
 		goto error;
 
@@ -690,7 +690,7 @@ static int adu_probe(struct usb_interface *interface,
 	memset(dev->read_buffer_primary + (2 * in_end_size), 'c', in_end_size);
 	memset(dev->read_buffer_primary + (3 * in_end_size), 'd', in_end_size);
 
-	dev->read_buffer_secondary = kmalloc((4 * in_end_size), GFP_KERNEL);
+	dev->read_buffer_secondary = kmalloc_array(4, in_end_size, GFP_KERNEL);
 	if (!dev->read_buffer_secondary)
 		goto error;
 

---
base-commit: 37ff6e9a2ce321b7932d3987701757fb4d87b0e6
change-id: 20250503-adutux_kmalloc_array-c81b5d7c3b37

Best regards,
-- 
Ethan Carter Edwards <ethan@ethancedwards.com>
Re: [PATCH] usb: misc: adutux: replace kmalloc() with kmalloc_array()
Posted by Greg Kroah-Hartman 8 months, 3 weeks ago 
On Sat, May 03, 2025 at 04:43:21PM -0400, Ethan Carter Edwards wrote:
> Replace kmalloc with internal multiplication with kmalloc_array to
> improve code readability and prevent potential overflows.

But this is not an array of a structure size.

> 
> Signed-off-by: Ethan Carter Edwards <ethan@ethancedwards.com>
> ---
>  drivers/usb/misc/adutux.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/misc/adutux.c b/drivers/usb/misc/adutux.c
> index ed6a19254d2ff9fead898adad0b3996822e10167..000a3ade743258f381d85397395a43c28a8481cc 100644
> --- a/drivers/usb/misc/adutux.c
> +++ b/drivers/usb/misc/adutux.c
> @@ -680,7 +680,7 @@ static int adu_probe(struct usb_interface *interface,
>  	in_end_size = usb_endpoint_maxp(dev->interrupt_in_endpoint);
>  	out_end_size = usb_endpoint_maxp(dev->interrupt_out_endpoint);
>  
> -	dev->read_buffer_primary = kmalloc((4 * in_end_size), GFP_KERNEL);
> +	dev->read_buffer_primary = kmalloc_array(4, in_end_size, GFP_KERNEL);

This is a buffer and you need the size to be correct based on the
commands, right?  It's not an array of a structure, but rather a stream
of bytes.


>  	if (!dev->read_buffer_primary)
>  		goto error;
>  
> @@ -690,7 +690,7 @@ static int adu_probe(struct usb_interface *interface,
>  	memset(dev->read_buffer_primary + (2 * in_end_size), 'c', in_end_size);
>  	memset(dev->read_buffer_primary + (3 * in_end_size), 'd', in_end_size);
>  
> -	dev->read_buffer_secondary = kmalloc((4 * in_end_size), GFP_KERNEL);
> +	dev->read_buffer_secondary = kmalloc_array(4, in_end_size, GFP_KERNEL);

Same here.

I think the original code is just fine as there's no bug here or way it
can overflow, right?

thanks,

greg k-h

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.