From 00b0ba56cffb40477add0e75798877b56d323d52 Mon Sep 17 00:00:00 2001
From: Guilherme Amadio <amadio@cern.ch>
Date: Tue, 26 Nov 2024 12:42:07 +0100
Subject: [PATCH] [XrdEc] Fix CodeQL warning about overflow before conversion
 to size_t

The multiplication of int * int might be bigger than an int can hold,
but still fits in a size_t. Convert before multiplying to ensure no
overflow.
---
 src/XrdEc/XrdEcRedundancyProvider.cc | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/XrdEc/XrdEcRedundancyProvider.cc b/src/XrdEc/XrdEcRedundancyProvider.cc
index fe899751ac4..ad1e6467c96 100644
--- a/src/XrdEc/XrdEcRedundancyProvider.cc
+++ b/src/XrdEc/XrdEcRedundancyProvider.cc
@@ -87,10 +87,11 @@ static int gf_gen_decode_matrix(
   unsigned char* invert_matrix, * backup, * b, s;
   int incr = 0;
 
-  std::vector<unsigned char> memory((size_t) (m * k * 3));
+  size_t mk = (size_t)m * (size_t)k;
+  std::vector<unsigned char> memory(3 * mk);
   b = &memory[0];
-  backup = &memory[m * k];
-  invert_matrix = &memory[2 * m * k];
+  backup = &memory[mk];
+  invert_matrix = &memory[2 * mk];
 
   // Construct matrix b by removing error rows
   for (i = 0, r = 0; i < k; i++, r++) {
@@ -109,7 +110,7 @@ static int gf_gen_decode_matrix(
       return -1;
     }
     incr++;
-    memcpy(b, backup, (size_t) (m * k));
+    memcpy(b, backup, mk);
     for (i = nsrcerrs; i < nerrs - nsrcerrs; i++) {
       if (src_err_list[i] == (decode_index[k - 1] + incr)) {
         // skip the erased parity line