Re: [PATCH v3 2/3] staging: media: atomisp: use kvmalloc_objs() for overflow-safe allocation

Next message: suryasaimadhu: "[PATCH] staging: sm750fb: fix const pointer declaration"
Previous message: Vlastimil Babka (SUSE): "Re: [PATCH 1/6] mm/page_owner: extract skip_buddy_pages() helper to unify buddy page skipping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andy Shevchenko

Date: Thu Jun 25 2026 - 03:14:26 EST

On Tue, Jun 23, 2026 at 07:09:27PM -0300, Rodrigo Gobbi wrote:

> Replace open-coded width * height * sizeof() multiplications with
> kvmalloc_objs() and array_size() to prevent integer overflow in buffer
> allocations.
>
> The atomisp driver computes DVS and statistics buffer sizes using
> unchecked arithmetic. When dimensions are large, the product can
> silently wrap, causing kvmalloc() to allocate an undersized buffer.
>
> kvmalloc_objs() uses size_mul() internally, which saturates to SIZE_MAX
> on overflow, so kvmalloc() returns NULL instead of succeeding with too
> few bytes. array_size() provides the same overflow protection for the
> two-factor dimension products.
>
> Suggested-by: Andy Shevchenko <andy.shevchenko@xxxxxxxxx>
> Signed-off-by: Feng Ning <feng@xxxxxxxxx>

> [rodrigo: rebased; convert only the sites left open-coded after
> commit d178c7ca8fef]

Thanks, you can keep this on a single line

[rodrigo: rebased; convert only the sites left open-coded after commit d178c7ca8fef]

> Signed-off-by: Rodrigo Gobbi <rodrigo.gobbi.7@xxxxxxxxx>

--
With Best Regards,
Andy Shevchenko