On 30. 07. 22, 20:49, Helge Deller wrote:
The line and column numbers for the selection need to start at 1.
Add the checks to prevent invalid input.
Signed-off-by: Helge Deller <del...@gmx.de>
Reported-by: syzbot+14b0e8f3fd1612e35...@syzkaller.appspotmail.com
diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c
index f7755e73696e..58692a9b4097 100644
--- a/drivers/tty/vt/selection.c
+++ b/drivers/tty/vt/selection.c
@@ -326,6 +326,9 @@ static int vc_selection(struct vc_data *vc, struct
tiocl_selection *v,
return 0;
}
+ if (!v->xs || !v->ys || !v->xe || !v->ye)
+ return -EINVAL;
Hmm, I'm not sure about this. It potentially breaks userspace (by
returning EINVAL now). And the code below should handle this just fine,
right:
+
v->xs = min_t(u16, v->xs - 1, vc->vc_cols - 1);
v->ys = min_t(u16, v->ys - 1, vc->vc_rows - 1);
v->xe = min_t(u16, v->xe - 1, vc->vc_cols - 1);
?
thanks,
--
js
suse labs
