linux-xiaomi-chiron/drivers/video/fbdev/core
Tetsuo Handa ec0972adec fbcon: Fix user font detection test at fbcon_resize().
syzbot is reporting OOB read at fbcon_resize() [1], for
commit 39b3cffb8c ("fbcon: prevent user font height or width change
 from causing potential out-of-bounds access") is by error using
registered_fb[con2fb_map[vc->vc_num]]->fbcon_par->p->userfont (which was
set to non-zero) instead of fb_display[vc->vc_num].userfont (which remains
zero for that display).

We could remove tricky userfont flag [2], for we can determine it by
comparing address of the font data and addresses of built-in font data.
But since that commit is failing to fix the original OOB read [3], this
patch keeps the change minimal in case we decide to revert altogether.

[1] https://syzkaller.appspot.com/bug?id=ebcbbb6576958a496500fee9cf7aa83ea00b5920
[2] https://syzkaller.appspot.com/text?tag=Patch&x=14030853900000
[3] https://syzkaller.appspot.com/bug?id=6fba8c186d97cf1011ab17660e633b1cc4e080c9

Reported-by: syzbot <syzbot+b38b1ef6edf0c74a8d97@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 39b3cffb8c ("fbcon: prevent user font height or width change from causing potential out-of-bounds access")
Cc: George Kennedy <george.kennedy@oracle.com>
Link: https://lore.kernel.org/r/f6e3e611-8704-1263-d163-f52c906a4f06@I-love.SAKURA.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-09-16 14:35:51 +02:00
bitblit.c Linux 5.8-rc7 2020-07-27 12:40:56 +02:00
cfbcopyarea.c framebuffer: fix screen corruption when copying 2014-09-30 13:39:50 +03:00
cfbfillrect.c
cfbimgblt.c
fb_cmdline.c video/fbdev: refactor video= cmdline parsing 2019-02-08 19:24:47 +01:00
fb_ddc.c fb_ddc: Allow I2C adapters without SCL read capability 2015-09-30 10:46:55 +03:00
fb_defio.c video: fb_defio: preserve user fb_ops 2019-12-03 11:10:19 +02:00
fb_draw.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fb_notify.c
fb_sys_fops.c
fbcmap.c fbdev: lock_fb_info cannot fail 2019-06-12 20:28:38 +02:00
fbcon.c fbcon: Fix user font detection test at fbcon_resize(). 2020-09-16 14:35:51 +02:00
fbcon.h fbcon: s/struct display/struct fbcon_display/ 2019-06-12 20:27:34 +02:00
fbcon_ccw.c Linux 5.8-rc7 2020-07-27 12:40:56 +02:00
fbcon_cw.c Linux 5.8-rc7 2020-07-27 12:40:56 +02:00
fbcon_rotate.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
fbcon_rotate.h fbcon: Make fbcon a built-time depency for fbdev 2017-08-01 17:32:07 +02:00
fbcon_ud.c Linux 5.8-rc7 2020-07-27 12:40:56 +02:00
fbcvt.c fbdev: fix CVT vertical front and back porch values 2015-01-27 13:35:37 +02:00
fbmem.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
fbmon.c video: fbdev: Replace HTTP links with HTTPS ones 2020-07-20 11:47:29 +02:00
fbsysfs.c fbmem: pull fbcon_update_vcs() out of fb_set_var() 2020-08-04 07:37:23 +02:00
Makefile fbdev: remove object duplication in Makefile 2020-01-15 17:31:52 +01:00
modedb.c fbdev: Ditch fb_edid_add_monspecs 2019-07-23 14:17:22 +02:00
softcursor.c fbcon: Make fbcon a built-time depency for fbdev 2017-08-01 17:32:07 +02:00
svgalib.c
syscopyarea.c video: fbdev: fix sys_copyarea 2015-01-30 09:46:59 +02:00
sysfillrect.c
sysimgblt.c
tileblit.c vt: use newly defined CUR_* macros 2020-06-24 17:08:33 +02:00