[v4] vgacon: Fix a UAF in vgacon_invert_region
Linus Torvalds
torvalds at linux-foundation.org
Fri Mar 6 13:24:05 UTC 2020
On Fri, Mar 6, 2020 at 7:12 AM Daniel Vetter <daniel at ffwll.ch> wrote:
>
> I'll stuff it into a pull and throw that your way, that's simplest.
Thanks.
> btw we did add dri-devel to lore a while back, so should be there:
Indeed. I tried (incompetently) to look up your message ID, but I
didn't put the dri-devel part and saw the 404, and assumed it wasn't
there.
My bad.
> > It does strike me that there's nothing that seems to check for
> > overflow in the "(width << 1) * height" calculation. Hmm?
>
> Indeed I failed to hunt for that :-/ But I think we're good, in
> vc_do_resize() we have
>
> if (cols > VC_RESIZE_MAXCOL || lines > VC_RESIZE_MAXROW)
> return -EINVAL;
Perfect. I just looked at the quoted patch itself.
Linus
More information about the dri-devel
mailing list