soundwire: use krealloc_array to prevent integer overflow

Replace the use of krealloc() with krealloc_array() in
sdw_add_element_group_count to mitigate the risk of integer overflow during
memory allocation size calculation.

Suggested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Baoli.Zhang <baoli.zhang@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://patch.msgid.link/20260506055039.3751028-4-baoli.zhang@linux.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>

diff --git a/drivers/soundwire/generic_bandwidth_allocation.c b/drivers/soundwire/generic_bandwidth_allocation.c
index cd9ccbaf0e46fda492e72c0cd3fc5d41ba411dc2..3575d69ce1c50c3899276988557068643c36ed81 100644 (file)
--- a/drivers/soundwire/generic_bandwidth_allocation.c
+++ b/drivers/soundwire/generic_bandwidth_allocation.c
@@ -308,17 +308,15 @@ static int sdw_add_element_group_count(struct sdw_group *group,
                unsigned int *rates;
                unsigned int *lanes;
 
-               rates = krealloc(group->rates,
-                                sizeof(int) * (group->max_size + 1),
-                                GFP_KERNEL);
+               rates = krealloc_array(group->rates, group->max_size + 1,
+                                      sizeof(*group->rates), GFP_KERNEL);
                if (!rates)
                        return -ENOMEM;
 
                group->rates = rates;
 
-               lanes = krealloc(group->lanes,
-                                sizeof(int) * (group->max_size + 1),
-                                GFP_KERNEL);
+               lanes = krealloc_array(group->lanes, group->max_size + 1,
+                                      sizeof(*group->lanes), GFP_KERNEL);
                if (!lanes)
                        return -ENOMEM;