[PATCH] fbcon: Out-Of-Bounds write in sys_imageblit, add range check

2021-07-26 Thread
yres and vyres can be controlled by user mode paramaters, and cause p->vrows to become a negative value. While this value be passed to real_y function, the ypos will be out of screen range. This is an out-of-bounds write bug. diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/c

Re: [Internet]Re: [PATCH] fbcon: Out-Of-Bounds write in sys_imageblit, add range check

2021-07-26 Thread
rows--; } 在 2021/7/26 21:45,“Sam Ravnborg” 写入: Hi, On Mon, Jul 26, 2021 at 11:32:37AM +, tcs_kernel(腾讯云内核开发者) wrote: > yres and vyres can be controlled by user mode paramaters, and cause p->vrows to become a negative value. While this value be passed to real_y function, the y