Re: [Internet]Re: [PATCH] fbcon: Out-Of-Bounds write in sys_imageblit, add range check

On Tue, Jul 27, 2021 at 01:53:13AM +, tcs_kernel(腾讯云内核开发者) wrote: > yres and vyres can be controlled by user mode paramaters, and cause p->vrows > to become a negative value. While this value be passed to real_y function, > the ypos will be out of screen range. > This is an out-of-bounds writ

Re: [Internet]Re: [PATCH] fbcon: Out-Of-Bounds write in sys_imageblit, add range check

yres and vyres can be controlled by user mode paramaters, and cause p->vrows to become a negative value. While this value be passed to real_y function, the ypos will be out of screen range. This is an out-of-bounds write bug. I think updatescrollmode is the right place to validate values supplied

[PATCH] fbcon: Out-Of-Bounds write in sys_imageblit, add range check

yres and vyres can be controlled by user mode paramaters, and cause p->vrows to become a negative value. While this value be passed to real_y function, the ypos will be out of screen range. This is an out-of-bounds write bug. diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/c

Re: [PATCH] fbcon: Out-Of-Bounds write in sys_imageblit, add range check

Hi, On Mon, Jul 26, 2021 at 11:32:37AM +, tcs_kernel(腾讯云内核开发者) wrote: > yres and vyres can be controlled by user mode paramaters, and cause p->vrows > to become a negative value. While this value be passed to real_y function, > the ypos will be out of screen range. > This is an out-of-bounds

Re: [PATCH] fbcon: Out-Of-Bounds write in sys_imageblit, add range check

On Mon, Jul 26, 2021 at 11:32:37AM +, tcs_kernel(腾讯云内核开发者) wrote: > yres and vyres can be controlled by user mode paramaters, and cause p->vrows > to become a negative value. While this value be passed to real_y function, > the ypos will be out of screen range. > This is an out-of-bounds writ