github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-13 17:28:30 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
6446325351
linux/drivers/video/fbdev
History
Tetsuo Handa 2b537106bc video: fbdev: fix OOB read in vga_8planes_imageblit() 
commit bd018a6a75 upstream.

syzbot is reporting OOB read at vga_8planes_imageblit() [1], for
"cdat[y] >> 4" can become a negative value due to "const char *cdat".

[1] https://syzkaller.appspot.com/bug?id=0d7a0da1557dcd1989e00cb3692b26d4173b4132

Reported-by: syzbot <syzbot+69fbd3e01470f169c8c4@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/90b55ec3-d5b0-3307-9f7c-7ff5c5fd6ad3@i-love.sakura.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-09-17 13:45:30 +02:00
..
aty mach64: fix image corruption due to reading accelerator registers 2018-11-21 09:19:17 +01:00
core fbcon: remove now unusued 'softback_lines' cursor() argument 2020-09-17 13:45:30 +02:00
geode
i810
intelfb
kyro
matrox
mb862xx
mbx
mmp
nvidia
omap
omap2 omapfb: fix multiple reference count leaks due to pm_runtime_get_sync 2020-09-03 11:24:20 +02:00
riva
savage
sis video: fbdev: sis: Remove unnecessary parentheses and commented code 2020-04-23 10:30:15 +02:00
vermilion
via
68328fb.c
acornfb.c
acornfb.h
amba-clcd-nomadik.c
amba-clcd-nomadik.h
amba-clcd-versatile.c
amba-clcd-versatile.h
amba-clcd.c
amifb.c
arcfb.c
arkfb.c
asiliantfb.c
atafb_iplan2p2.c
atafb_iplan2p4.c
atafb_iplan2p8.c
atafb_mfb.c
atafb_utils.h
atafb.c
atafb.h
atmel_lcdfb.c atmel_lcdfb: support native-mode display-timings 2019-11-24 08:20:35 +01:00
au1100fb.c
au1100fb.h
au1200fb.c
au1200fb.h
broadsheetfb.c
bt431.h
bt455.h
bw2.c
c2p_core.h
c2p_iplan2.c
c2p_planar.c
c2p.h
carminefb_regs.h
carminefb.c
carminefb.h
cg3.c
cg6.c
cg14.c
chipsfb.c fbdev: chipsfb: remove set but not used variable 'size' 2020-01-27 14:50:21 +01:00
cirrusfb.c
clps711x-fb.c video: clps711x-fb: release disp device node in probe() 2019-02-12 19:47:15 +01:00
clps711xfb.c
cobalt_lcdfb.c
controlfb.c
controlfb.h
cyber2000fb.c
cyber2000fb.h
da8xx-fb.c
dnfb.c
edid.h
efifb.c efi: avoid error message when booting under Xen 2020-08-26 10:31:05 +02:00
ep93xx-fb.c
fb-puv3.c
ffb.c
fm2fb.c
fsl-diu-fb.c
g364fb.c
gbefb.c
goldfishfb.c
grvga.c
gxt4500.c
hecubafb.c
hgafb.c video: hgafb: fix potential NULL pointer dereference 2019-06-15 11:54:10 +02:00
hitfb.c
hpfb.c
hyperv_fb.c
i740_reg.h
i740fb.c
imsttfb.c video: imsttfb: fix potential NULL pointer dereferences 2019-06-15 11:54:10 +02:00
imxfb.c
jz4740_fb.c
Kconfig fbdev: fix broken menu dependencies 2019-11-24 08:20:37 +01:00
leo.c
macfb.c
macmodes.c
macmodes.h
Makefile
maxinefb.c
metronomefb.c
mx3fb.c
mxsfb.c
n411.c
neofb.c video: fbdev: neofb: fix memory leak in neo_scan_monitor() 2020-08-19 08:14:51 +02:00
nuc900fb.c
nuc900fb.h
ocfb.c
offb.c
p9100.c
platinumfb.c
platinumfb.h
pm2fb.c
pm3fb.c
pmag-aa-fb.c
pmag-ba-fb.c
pmagb-b-fb.c
ps3fb.c
pvr2fb.c
pxa3xx-gcu.c
pxa3xx-gcu.h
pxa168fb.c pxa168fb: Fix the function used to release some memory in an error handling path 2020-02-24 08:34:36 +01:00
pxa168fb.h
pxafb.c video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call 2020-08-19 08:14:54 +02:00
pxafb.h
q40fb.c
s1d13xxxfb.c
s3c-fb.c
s3c2410fb.c
s3c2410fb.h
s3fb.c
sa1100fb.c
sa1100fb.h
sbuslib.c fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() 2019-11-24 08:20:36 +01:00
sbuslib.h
sh_mobile_lcdcfb.c
sh_mobile_lcdcfb.h
sh7760fb.c
simplefb.c
skeletonfb.c
sm501fb.c
sm712.h fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display 2019-05-25 18:23:36 +02:00
sm712fb.c video: fbdev: sm712fb: fix an issue about iounmap for a wrong address 2020-08-19 08:14:54 +02:00
smscufx.c
ssd1307fb.c video: ssd1307fb: Start page range at page_offset 2019-10-07 18:56:30 +02:00
sstfb.c
sticore.h
stifb.c
sunxvr500.c
sunxvr1000.c
sunxvr2500.c
tcx.c
tdfxfb.c
tgafb.c
tmiofb.c
tridentfb.c
udlfb.c udlfb: fix some inconsistent NULL checking 2019-05-31 06:46:02 -07:00
uvesafb.c
valkyriefb.c
valkyriefb.h
vesafb.c
vfb.c
vga16fb.c video: fbdev: fix OOB read in vga_8planes_imageblit() 2020-09-17 13:45:30 +02:00
vt8500lcdfb.c
vt8500lcdfb.h
vt8623fb.c
w100fb.c video: fbdev: w100fb: Fix a potential double free. 2020-06-22 09:05:06 +02:00
w100fb.h
wm8505fb_regs.h
wm8505fb.c
wmt_ge_rops.c
wmt_ge_rops.h
xen-fbfront.c
xilinxfb.c