On 2020/3/3 22:46, Ville Syrjälä wrote:
On Tue, Mar 03, 2020 at 10:30:14PM +0800, zhangxiaoxu (A) wrote:
On 2020/3/3 21:59, Ville Syrjälä wrote:
That doesn't match how vc_screenbuf_size is computed elsewhere. Also
a lot of places seem to assume that the screenbuf can be larger than
vga_vram_size (e
On 2020/3/3 21:59, Ville Syrjälä wrote:
That doesn't match how vc_screenbuf_size is computed elsewhere. Also
a lot of places seem to assume that the screenbuf can be larger than
vga_vram_size (eg. all the memcpy()s pick the smaller size of the
two).
Yes, in the vga source code, we also pick the sm
On Tue, Mar 03, 2020 at 10:30:14PM +0800, zhangxiaoxu (A) wrote:
>
>
> On 2020/3/3 21:59, Ville Syrjälä wrote:
> > That doesn't match how vc_screenbuf_size is computed elsewhere. Also
> > a lot of places seem to assume that the screenbuf can be larger than
> > vga_vram_size (eg. all the memcpy()s pic
On Tue, Mar 03, 2020 at 11:20:36AM +0800, Zhang Xiaoxu wrote:
> When syzkaller tests, there is a UAF:
> BUG: KASan: use after free in vgacon_invert_region+0x9d/0x110 at addr
> 8810
> Read of size 2 by task syz-executor.1/16489
> page:ea004000 count:0 mapcount:-127 mapp