github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 23:23:53 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
8fb08b7fe0
linux/drivers/video/fbdev/core
History
Tetsuo Handa 4c00435cb8 fbmem: don't allow too huge resolutions 
commit 8c28051cdc upstream.

syzbot is reporting page fault at vga16fb_fillrect() [1], for
vga16fb_check_var() is failing to detect multiplication overflow.

  if (vxres * vyres > maxmem) {
    vyres = maxmem / vxres;
    if (vyres < yres)
      return -ENOMEM;
  }

Since no module would accept too huge resolutions where multiplication
overflow happens, let's reject in the common path.

Link: https://syzkaller.appspot.com/bug?extid=04168c8063cfdde1db5e [1]
Reported-by: syzbot <syzbot+04168c8063cfdde1db5e@syzkaller.appspotmail.com>
Debugged-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/185175d6-227a-7b55-433d-b070929b262c@i-love.sakura.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-09-15 09:50:48 +02:00
..
bitblit.c fbcon: remove now unusued 'softback_lines' cursor() argument 2020-09-14 10:06:15 -07:00
cfbcopyarea.c
cfbfillrect.c
cfbimgblt.c
fb_cmdline.c video/fbdev: refactor video= cmdline parsing 2019-02-08 19:24:47 +01:00
fb_ddc.c
fb_defio.c video: fb_defio: preserve user fb_ops 2019-12-03 11:10:19 +02:00
fb_draw.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fb_notify.c
fb_sys_fops.c
fbcmap.c fbdev: zero-fill colormap in fbcmap.c 2021-05-11 14:47:16 +02:00
fbcon_ccw.c fbcon: remove now unusued 'softback_lines' cursor() argument 2020-09-14 10:06:15 -07:00
fbcon_cw.c fbcon: remove now unusued 'softback_lines' cursor() argument 2020-09-14 10:06:15 -07:00
fbcon_rotate.c fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h 2020-09-25 10:28:18 +02:00
fbcon_rotate.h fbcon: Make fbcon a built-time depency for fbdev 2017-08-01 17:32:07 +02:00
fbcon_ud.c fbcon: remove now unusued 'softback_lines' cursor() argument 2020-09-14 10:06:15 -07:00
fbcon.c tty: vt: always invoke vc->vc_sw->con_resize callback 2021-05-26 12:06:56 +02:00
fbcon.h drm-misc-fixes for v5.9: 2020-10-06 12:38:28 +10:00
fbcvt.c
fbmem.c fbmem: don't allow too huge resolutions 2021-09-15 09:50:48 +02:00
fbmon.c video: fbdev: Replace HTTP links with HTTPS ones 2020-07-20 11:47:29 +02:00
fbsysfs.c fbmem: pull fbcon_update_vcs() out of fb_set_var() 2020-08-04 07:37:23 +02:00
Makefile fbdev: remove object duplication in Makefile 2020-01-15 17:31:52 +01:00
modedb.c fbdev: Ditch fb_edid_add_monspecs 2019-07-23 14:17:22 +02:00
softcursor.c fbcon: Make fbcon a built-time depency for fbdev 2017-08-01 17:32:07 +02:00
svgalib.c
syscopyarea.c
sysfillrect.c
sysimgblt.c
tileblit.c drm-misc-fixes for v5.9: 2020-10-06 12:38:28 +10:00