On Thu, Jun 02, 2022 at 10:06:28PM +0200, Helge Deller wrote: > The user may use the fbcon=vc:<n1>-<n2> option to tell fbcon to take > over the given range (n1...n2) of consoles. The value for n1 and n2 > needs to be a positive number and up to (MAX_NR_CONSOLES - 1). > The given values were not fully checked against those boundaries yet. > > To fix the issue, convert first_fb_vc and last_fb_vc to unsigned > integers and check them against the upper boundary, and make sure that > first_fb_vc is smaller than last_fb_vc. > > Signed-off-by: Helge Deller <del...@gmx.de> > Cc: sta...@vger.kernel.org
Reviewed-by: Daniel Vetter <daniel.vet...@ffwll.ch> > > diff --git a/drivers/video/fbdev/core/fbcon.c > b/drivers/video/fbdev/core/fbcon.c > index 2fc1b80a26ad..c2f9e5711c39 100644 > --- a/drivers/video/fbdev/core/fbcon.c > +++ b/drivers/video/fbdev/core/fbcon.c > @@ -115,8 +115,8 @@ static int logo_lines; > enums. */ > static int logo_shown = FBCON_LOGO_CANSHOW; > /* console mappings */ > -static int first_fb_vc; > -static int last_fb_vc = MAX_NR_CONSOLES - 1; > +static unsigned int first_fb_vc; > +static unsigned int last_fb_vc = MAX_NR_CONSOLES - 1; > static int fbcon_is_default = 1; > static int primary_device = -1; > static int fbcon_has_console_bind; > @@ -464,10 +464,12 @@ static int __init fb_console_setup(char *this_opt) > options += 3; > if (*options) > first_fb_vc = simple_strtoul(options, &options, > 10) - 1; > - if (first_fb_vc < 0) > + if (first_fb_vc >= MAX_NR_CONSOLES) > first_fb_vc = 0; > if (*options++ == '-') > last_fb_vc = simple_strtoul(options, &options, > 10) - 1; > + if (last_fb_vc < first_fb_vc || last_fb_vc >= > MAX_NR_CONSOLES) > + last_fb_vc = MAX_NR_CONSOLES - 1; > fbcon_is_default = 0; > continue; > } -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch
