drivers/bluetooth: btbcm: Use kmalloc_array() to prevent overflow

Replace the open-coded multiplication in kmalloc() with a call
to kmalloc_array() to prevent potential integer overflows.

This is a mechanical change, replacing BCM_FW_NAME_LEN with
the type-safe sizeof(*fw_name) as the element size

Signed-off-by: Ayaan Mirza Baig <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

Author: gitcomit8

drivers/bluetooth/btbcm.c

@@ -642,7 +642,9 @@ int btbcm_initialize(struct hci_dev *hdev, bool *fw_load_done, bool use_autobaud
 		snprintf(postfix, sizeof(postfix), "-%4.4x-%4.4x", vid, pid);
 	}
 
-	fw_name = kmalloc(BCM_FW_NAME_COUNT_MAX * BCM_FW_NAME_LEN, GFP_KERNEL);
+	fw_name = kmalloc_array(BCM_FW_NAME_COUNT_MAX,
+		sizeof(*fw_name),
+		GFP_KERNEL);
 	if (!fw_name)
 		return -ENOMEM;