yres and vyres can be controlled by user mode paramaters, and cause p->vrows to
become a negative value. While this value be passed to real_y function, the
ypos will be out of screen range.
This is an out-of-bounds write bug.
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/c
rows--;
}
在 2021/7/26 21:45,“Sam Ravnborg” 写入:
Hi,
On Mon, Jul 26, 2021 at 11:32:37AM +, tcs_kernel(腾讯云内核开发者) wrote:
> yres and vyres can be controlled by user mode paramaters, and cause
p->vrows to become a negative value. While this value be passed to real_y
function, the y