iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/video/fbdev
History
Kees Cook 9f645bcc56 video: uvesafb: Fix integer overflow in allocation 
cmap->len can get close to INT_MAX/2, allowing for an integer overflow in
allocation. This uses kmalloc_array() instead to catch the condition.

Reported-by: Dr Silvio Cesare of InfoSect <silvio.cesare@gmail.com>
Fixes: 8bdb3a2d7df48 ("uvesafb: the driver core")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
2018-06-12 16:19:22 -07:00
..
aty
video: fbdev: aty128fb: use true and false for boolean values
2018-03-28 16:34:27 +02:00
core
proc: introduce proc_create_seq{,_data}
2018-05-16 07:23:35 +02:00
geode
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
2018-02-15 01:15:52 +01:00
i810
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
intelfb
video: fbdev: intelfb: deprecate pci_get_bus_and_slot()
2018-01-17 08:16:46 -06:00
kyro
video: fbdev: kyro: constify pci_device_id.
2017-08-01 17:20:42 +02:00
matrox
video: matroxfb: Delete an error message for a failed memory allocation in matroxfb_crtc2_probe()
2018-03-28 16:34:28 +02:00
mb862xx
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mbx
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mmp
video: fbdev/mmp: add MODULE_LICENSE
2018-01-15 17:04:22 +01:00
nvidia
video: fbdev: nvidia: deprecate pci_get_bus_and_slot()
2018-01-17 08:16:46 -06:00
omap
fbdev changes for v4.15:
2017-11-20 21:50:24 -10:00
omap2
drivers: omap2: Kconfig: make FB_OMAP2_DSS_INIT depend on OF
2018-05-04 08:27:04 -04:00
riva
video: fbdev: riva: deprecate pci_get_bus_and_slot()
2018-01-17 08:16:46 -06:00
savage
video: fbdev: savage: constify pci_device_id.
2017-08-01 17:20:42 +02:00
sis
video: fbdev: sis: avoid mismatched prototypes
2018-03-12 17:06:52 +01:00
vermilion
video: fbdev: vermilion: use 64-bit arithmetic instead of 32-bit
2018-03-12 17:06:54 +01:00
via
proc: introduce proc_create_single{,_data}
2018-05-16 07:23:35 +02:00
68328fb.c
video: fbdev: annotate fb_fix_screeninfo with const and __initconst
2017-09-04 16:00:49 +02:00
acornfb.c
drivers/video/fbdev: Fixing coding guidelines in acornfb.c
2017-04-07 17:03:24 +02:00
acornfb.h
amba-clcd-nomadik.c
fbdev changes for v4.11:
2017-02-25 13:20:22 -08:00
amba-clcd-nomadik.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
amba-clcd-versatile.c
video: ARM CLCD: use panel device node for panel initialization
2017-01-30 17:39:48 +01:00
amba-clcd-versatile.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
amba-clcd.c
video: ARM CLCD: Improve a size determination in clcdfb_probe()
2018-03-28 16:34:29 +02:00
amifb.c
video: fbdev: amifb: remove impossible condition
2017-02-08 16:44:00 +01:00
arcfb.c
Annotate hardware config module parameters in drivers/video/
2017-04-20 12:02:32 +01:00
arkfb.c
video: fbdev: arkfb: constify pci_device_id.
2017-08-01 17:20:42 +02:00
asiliantfb.c
video: fbdev: asiliantfb: constify pci_device_id.
2017-08-01 17:20:41 +02:00
atafb_iplan2p2.c
atafb_iplan2p4.c
atafb_iplan2p8.c
atafb_mfb.c
atafb_utils.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
atafb.c
atafb.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
atmel_lcdfb.c
video: fbdev: atmel_lcdfb: convert to use GPIO descriptors
2018-03-12 17:06:52 +01:00
au1100fb.c
video: au1100fb: Delete an unnecessary variable initialisation in au1100fb_drv_probe()
2018-03-28 16:34:29 +02:00
au1100fb.h
au1200fb.c
video: fbdev: au1200fb: Style clean up
2017-11-09 18:09:30 +01:00
au1200fb.h
fbdev: au1200fb: delete duplicate header contents
2018-01-04 16:53:49 +01:00
auo_k190x.c
fbdev changes for v4.16:
2018-02-07 13:10:43 -08:00
auo_k190x.h
auo_k1900fb.c
auo_k1901fb.c
broadsheetfb.c
bt431.h
bt455.h
bw2.c
video: fbdev: Convert to using %pOF instead of full_name
2017-08-07 17:22:13 +02:00
c2p_core.h
c2p_iplan2.c
c2p_planar.c
c2p.h
carminefb_regs.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
carminefb.c
carminefb.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
cg3.c
video: fbdev: Convert to using %pOF instead of full_name
2017-08-07 17:22:13 +02:00
cg6.c
video: fbdev: Convert to using %pOF instead of full_name
2017-08-07 17:22:13 +02:00
cg14.c
video: fbdev: Convert to using %pOF instead of full_name
2017-08-07 17:22:13 +02:00
chipsfb.c
video/chips: constify fb_fix_screeninfo and fb_var_screeninfo structures
2017-08-01 17:20:39 +02:00
cirrusfb.c
video: fbdev: cirrusfb: mark expected switch fall-throughs
2017-11-09 18:09:32 +01:00
clps711x-fb.c
video: clps711x-fb: Changing the compatibility string to match with the smallest supported chip
2016-07-06 17:38:19 +02:00
clps711xfb.c
cobalt_lcdfb.c
video: cobalt_lcdfb: constify fb_fix_screeninfo structure
2017-08-01 17:20:39 +02:00
controlfb.c
controlfb.h
fbdev: controlfb: Add missing modes to fix out of bounds access
2017-11-09 18:09:33 +01:00
cyber2000fb.c
video: fbdev: make fb_videomode const
2017-09-04 16:00:49 +02:00
cyber2000fb.h
da8xx-fb.c
fbdev: da8xx-fb: Drop unnecessary static
2017-08-01 17:20:39 +02:00
dnfb.c
video/fbdev/dnfb: Use common error handling code in dnfb_probe()
2017-11-09 18:09:31 +01:00
edid.h
efifb.c
efifb: Set info->fbcon_rotate_hint based on drm_get_panel_orientation_quirk
2017-12-04 23:03:21 +01:00
ep93xx-fb.c
fb-puv3.c
video: fbdev: make fb_var_screeninfo const
2017-09-04 16:00:50 +02:00
ffb.c
video: fbdev: Convert to using %pOF instead of full_name
2017-08-07 17:22:13 +02:00
fm2fb.c
video: fm2fb: constify zorro_device_id
2017-09-04 16:00:49 +02:00
fsl-diu-fb.c
video: fsl-diu-fb: Delete an error message for a failed memory allocation in fsl_diu_init()
2018-03-28 16:34:28 +02:00
g364fb.c
gbefb.c
goldfishfb.c
video: goldfishfb: Add support for device tree bindings
2017-11-09 18:09:31 +01:00
grvga.c
video: fbdev: annotate fb_fix_screeninfo with const and __initconst
2017-09-04 16:00:49 +02:00
gxt4500.c
hecubafb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
hgafb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
hitfb.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
hpfb.c
hpfb: use probe_kernel_read()
2017-05-27 15:41:17 -04:00
hyperv_fb.c
i740_reg.h
i740fb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
imsttfb.c
video: fbdev: imsttfb: constify pci_device_id.
2017-08-01 17:20:43 +02:00
imxfb.c
video: fbdev: imxfb: use after free in imxfb_remove()
2017-07-31 18:45:41 +02:00
jz4740_fb.c
fbdev: jz4740-fb: Let the pinctrl driver configure the pins
2017-05-22 17:22:06 +02:00
Kconfig
fbdev changes for v4.17:
2018-04-10 10:20:00 -07:00
leo.c
video: fbdev: Convert to using %pOF instead of full_name
2017-08-07 17:22:13 +02:00
macfb.c
nubus: Adopt standard linked list implementation
2018-01-16 16:47:29 +01:00
macmodes.c
macmodes.h
Makefile
fbdev: remove blackfin drivers
2018-03-26 15:56:44 +02:00
maxinefb.c
video: fbdev: make fb_var_screeninfo const
2017-09-04 16:00:50 +02:00
metronomefb.c
lib/vsprintf.c: remove %Z support
2017-02-27 18:43:47 -08:00
mx3fb.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
mxsfb.c
fbdev: mxsfb: use framebuffer_alloc in the correct way
2018-01-15 17:04:22 +01:00
n411.c
Annotate hardware config module parameters in drivers/video/
2017-04-20 12:02:32 +01:00
neofb.c
video: fbdev: neofb: constify pci_device_id.
2017-08-01 17:20:44 +02:00
nuc900fb.c
nuc900fb.h
ocfb.c
offb.c
video: offb: Deallocate the color map
2018-03-12 17:06:54 +01:00
p9100.c
video: fbdev: Convert to using %pOF instead of full_name
2017-08-07 17:22:13 +02:00
platinumfb.c
platinumfb.h
pm2fb.c
video: fbdev: pm2fb: constify pci_device_id.
2017-08-01 17:20:43 +02:00
pm3fb.c
video: fbdev: pm3fb: constify pci_device_id.
2017-08-01 17:20:45 +02:00
pmag-aa-fb.c
video: fbdev: make fb_var_screeninfo const
2017-09-04 16:00:50 +02:00
pmag-ba-fb.c
video: fbdev: make fb_var_screeninfo const
2017-09-04 16:00:50 +02:00
pmagb-b-fb.c
video: fbdev: make fb_var_screeninfo const
2017-09-04 16:00:50 +02:00
ps3fb.c
video: fbdev: annotate fb_fix_screeninfo with const and __initconst
2017-09-04 16:00:49 +02:00
pvr2fb.c
pvr2fs: use get_user_pages_fast()
2017-09-22 23:14:36 -04:00
pxa3xx-gcu.c
fbdev: pxa3xx: use ktime_get_ts64 for time stamps
2018-01-04 16:53:49 +01:00
pxa3xx-gcu.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
pxa168fb.c
pxa168fb.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
pxafb.c
video: fbdev: pxafb: Handle return value of clk_prepare_enable
2017-06-14 17:40:56 +02:00
pxafb.h
q40fb.c
video: fbdev: make fb_var_screeninfo const
2017-09-04 16:00:50 +02:00
s1d13xxxfb.c
fbdev: s1d13xxxfb: remove m32r specific hacks
2018-03-26 15:56:46 +02:00
s3c2410fb.c
video: s3c2410fb: Register cpufreq notifier only on S3C24xx
2016-08-11 17:54:55 +03:00
s3c2410fb.h
video: s3c2410fb: Register cpufreq notifier only on S3C24xx
2016-08-11 17:54:55 +03:00
s3c-fb.c
video: fbdev: s3c-fb: remove dead platform code for Exynos and S5PV210 platforms
2018-03-28 16:34:29 +02:00
s3fb.c
video: fbdev: s3fb: constify pci_device_id.
2017-08-01 17:20:45 +02:00
sa1100fb.c
video: sa1100fb: move pseudo palette into sa1100fb_info structure
2017-10-17 16:01:13 +02:00
sa1100fb.h
video: sa1100fb: move pseudo palette into sa1100fb_info structure
2017-10-17 16:01:13 +02:00
sbuslib.c
fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
2018-03-07 14:00:34 +01:00
sbuslib.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sh7760fb.c
sh_mobile_lcdcfb.c
video: fbdev: sh_mobile_lcdcfb: constify sh_mobile_lcdc_bl_ops.
2017-06-14 17:40:57 +02:00
sh_mobile_lcdcfb.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sh_mobile_meram.c
simplefb.c
video: fbdev: simplefb: Separate clk / regulator get and enable steps
2017-01-11 17:09:50 +01:00
skeletonfb.c
video: fbdev: annotate fb_fix_screeninfo with const and __initconst
2017-09-04 16:00:49 +02:00
sm501fb.c
video: fbdev: sm501fb: fix potential null pointer dereference on fbi
2017-11-17 17:21:48 +01:00
sm712.h
sm712fb.c
video: fbdev: sm712fb.c: fixed constant-left comparison warning
2017-08-01 17:20:38 +02:00
smscufx.c
video: smscufx: Delete an error message for a failed memory allocation in ufx_realloc_framebuffer()
2018-03-28 16:34:28 +02:00
ssd1307fb.c
video: ssd1307fb: Improve a size determination in ssd1307fb_probe()
2018-03-28 16:34:28 +02:00
sstfb.c
sticore.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
stifb.c
fbdev changes for v4.17:
2018-04-10 10:20:00 -07:00
sunxvr500.c
video: fbdev: sunxvr500: constify pci_device_id.
2017-08-01 17:20:43 +02:00
sunxvr1000.c
video: fbdev: Convert to using %pOF instead of full_name
2017-08-07 17:22:13 +02:00
sunxvr2500.c
video: fbdev: sunxvr2500: constify pci_device_id.
2017-08-01 17:20:41 +02:00
tcx.c
video: fbdev: Convert to using %pOF instead of full_name
2017-08-07 17:22:13 +02:00
tdfxfb.c
video: fbdev: tdfx: constify pci_device_id.
2017-08-01 17:20:43 +02:00
tgafb.c
tmiofb.c
tridentfb.c
video: fbdev: tridentfb: constify pci_device_id.
2017-08-01 17:20:41 +02:00
udlfb.c
video: udlfb: Return an error code only as a constant in dlfb_realloc_framebuffer()
2018-03-28 16:34:27 +02:00
uvesafb.c
video: uvesafb: Fix integer overflow in allocation
2018-06-12 16:19:22 -07:00
valkyriefb.c
valkyriefb.h
vesafb.c
vfb.c
vfb: fix video mode and line_length being set when loaded
2018-01-04 16:53:50 +01:00
vga16fb.c
video: fbdev: remove redundant self assignment of 'height'
2017-12-29 19:48:43 +01:00
vt8500lcdfb.c
video/fbdev/vt8500lcdfb: Delete an error message for a failed memory allocation in vt8500lcd_probe()
2017-12-29 19:48:44 +01:00
vt8500lcdfb.h
vt8623fb.c
video: fbdev: vt8623fb: constify vt8623_timing_regs
2017-08-18 19:56:40 +02:00
w100fb.c
treewide: Use DEVICE_ATTR_RW
2018-01-09 16:33:31 +01:00
w100fb.h
wm8505fb_regs.h
wm8505fb.c
video/fbdev/wm8505fb: Delete an error message for a failed memory allocation in wm8505fb_probe()
2017-12-29 19:48:43 +01:00
wmt_ge_rops.c
wmt_ge_rops.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xen-fbfront.c
fbdev changes for v4.12:
2017-05-11 11:12:26 -07:00
xilinxfb.c
video: fbdev: Fix multiple style issues in xilinxfb
2017-08-21 16:49:57 +02:00