iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
805a5c45ff
linux/drivers/video/fbdev/core
History
George Kennedy a49145acfb fbmem: add margin check to fb_check_caps() 
A fb_ioctl() FBIOPUT_VSCREENINFO call with invalid xres setting
or yres setting in struct fb_var_screeninfo will result in a
KASAN: vmalloc-out-of-bounds failure in bitfill_aligned() as
the margins are being cleared. The margins are cleared in
chunks and if the xres setting or yres setting is a value of
zero upto the chunk size, the failure will occur.

Add a margin check to validate xres and yres settings.

Signed-off-by: George Kennedy <george.kennedy@oracle.com>
Reported-by: syzbot+e5fd3e65515b48c02a30@syzkaller.appspotmail.com
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Dhaval Giani <dhaval.giani@oracle.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1594149963-13801-1-git-send-email-george.kennedy@oracle.com
2020-09-08 13:33:01 +02:00
..
bitblit.c Linux 5.8-rc7 2020-07-27 12:40:56 +02:00
cfbcopyarea.c
cfbfillrect.c
cfbimgblt.c
fb_cmdline.c video/fbdev: refactor video= cmdline parsing 2019-02-08 19:24:47 +01:00
fb_ddc.c
fb_defio.c video: fb_defio: preserve user fb_ops 2019-12-03 11:10:19 +02:00
fb_draw.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fb_notify.c
fb_sys_fops.c
fbcmap.c fbdev: lock_fb_info cannot fail 2019-06-12 20:28:38 +02:00
fbcon_ccw.c Linux 5.8-rc7 2020-07-27 12:40:56 +02:00
fbcon_cw.c Linux 5.8-rc7 2020-07-27 12:40:56 +02:00
fbcon_rotate.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
fbcon_rotate.h fbcon: Make fbcon a built-time depency for fbdev 2017-08-01 17:32:07 +02:00
fbcon_ud.c Linux 5.8-rc7 2020-07-27 12:40:56 +02:00
fbcon.c TTY/Serial patches for 5.9-rc1 2020-08-06 14:56:11 -07:00
fbcon.h fbcon: s/struct display/struct fbcon_display/ 2019-06-12 20:27:34 +02:00
fbcvt.c
fbmem.c fbmem: add margin check to fb_check_caps() 2020-09-08 13:33:01 +02:00
fbmon.c video: fbdev: Replace HTTP links with HTTPS ones 2020-07-20 11:47:29 +02:00
fbsysfs.c fbmem: pull fbcon_update_vcs() out of fb_set_var() 2020-08-04 07:37:23 +02:00
Makefile fbdev: remove object duplication in Makefile 2020-01-15 17:31:52 +01:00
modedb.c fbdev: Ditch fb_edid_add_monspecs 2019-07-23 14:17:22 +02:00
softcursor.c fbcon: Make fbcon a built-time depency for fbdev 2017-08-01 17:32:07 +02:00
svgalib.c
syscopyarea.c
sysfillrect.c
sysimgblt.c
tileblit.c vt: use newly defined CUR_* macros 2020-06-24 17:08:33 +02:00