[PATCH 4/5] fbmem: Prevent invalid virtual screen sizes in fb_set_var()
Geert Uytterhoeven
geert at linux-m68k.org
Thu Jun 30 19:11:39 UTC 2022
Hi Helge,
On Wed, Jun 29, 2022 at 10:00 PM Helge Deller <deller at gmx.de> wrote:
> Prevent that drivers configure a virtual screen resolution smaller than
> the physical screen resolution. This is important, because otherwise we
> may access memory outside of the graphics memory area.
>
> Signed-off-by: Helge Deller <deller at gmx.de>
> Cc: stable at vger.kernel.org # v5.4+
Thanks for your patch!
> --- a/drivers/video/fbdev/core/fbmem.c
> +++ b/drivers/video/fbdev/core/fbmem.c
> @@ -1006,6 +1006,12 @@ fb_set_var(struct fb_info *info, struct fb_var_screeninfo *var)
> if (var->xres < 8 || var->yres < 8)
> return -EINVAL;
>
> + /* make sure virtual resolution >= physical resolution */
> + if (WARN_ON(var->xres_virtual < var->xres))
> + var->xres_virtual = var->xres;
> + if (WARN_ON(var->yres_virtual < var->yres))
> + var->yres_virtual = var->yres;
This should be moved below the call to info->fbops->fb_check_var(),
so the WARN_ON() catches buggy fbdev drivers, not userspace fuzzers.
> +
> /* Too huge resolution causes multiplication overflow. */
> if (check_mul_overflow(var->xres, var->yres, &unused) ||
> check_mul_overflow(var->xres_virtual, var->yres_virtual, &unused))
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert at linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
More information about the dri-devel
mailing list