The check protects against division by 0, integer wraparound,
and overflow Start/End window settings.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Danila Chernetsov <listda...@mail.ru>
---
drivers/video/fbdev/kyro/fbdev.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/video/fbdev/kyro/fbdev.c b/drivers/video/fbdev/kyro/fbdev.c
index 08ee8baa79f8..1d5246313d9a 100644
--- a/drivers/video/fbdev/kyro/fbdev.c
+++ b/drivers/video/fbdev/kyro/fbdev.c
@@ -378,6 +378,13 @@ static int kyro_dev_overlay_viewport_set(u32 x, u32 y, u32
ulWidth, u32 ulHeight
(x < 2 && ulWidth + 2 == 0))
return -EINVAL;
+ /* The check protects against division by 0, integer wraparound,
+ * and overflow Start/End window settings.
+ */
+ if (x + ulWidth - 1 <= x || y + ulHeight - 1 <= y ||
+ x + ulWidth - 1 > 65535 || y + ulHeight - 1 > 65535)
+ return -EINVAL;
+
/* Stop Ramdac Output */
DisableRamdacOutput(deviceInfo.pSTGReg);
--
2.25.1
