sieni
/
linux
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/drivers/video
History
Thomas Zimmermann 9b2f5ef00e fbcon: Fix OOB access in font allocation 
Commit 1a194e6c8e ("fbcon: fix integer overflow in fbcon_do_set_font")
introduced an out-of-bounds access by storing data and allocation sizes
in the same variable. Restore the old size calculation and use the new
variable 'alloc_size' for the allocation.

Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 1a194e6c8e ("fbcon: fix integer overflow in fbcon_do_set_font")
Reported-by: Jani Nikula <jani.nikula@linux.intel.com>
Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/15020
Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6201
Cc: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: George Kennedy <george.kennedy@oracle.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Simona Vetter <simona@ffwll.ch>
Cc: Helge Deller <deller@gmx.de>
Cc: "Ville Syrjälä" <ville.syrjala@linux.intel.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Qianqiang Liu <qianqiang.liu@163.com>
Cc: Shixiong Ou <oushixiong@kylinos.cn>
Cc: Kees Cook <kees@kernel.org>
Cc: <stable@vger.kernel.org> # v5.9+
Cc: Zsolt Kajtar <soci@c64.rulez.org>
Reviewed-by: Lucas De Marchi <lucas.demarchi@intel.com>
Reviewed-by: Qianqiang Liu <qianqiang.liu@163.com>
Link: https://lore.kernel.org/r/20250922134619.257684-1-tzimmermann@suse.de
 		2025-09-23 11:36:14 +02:00
..
backlight backlight: pm8941: Add NULL check in wled_configure() 2025-04-15 18:27:38 +01:00
console Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" 2025-08-02 21:47:33 +02:00
fbdev fbcon: Fix OOB access in font allocation 2025-09-23 11:36:14 +02:00
logo fbdev fixes and cleanups for 6.11-rc1: 2024-07-18 11:47:14 -07:00
Kconfig gpu/trace: make TRACE_GPU_MEM configurable 2025-07-08 09:34:47 -07:00
Makefile video: Provide screen_info_get_pci_dev() to find screen_info's PCI device 2024-02-14 10:09:16 +01:00
aperture.c video/aperture: optionally match the device in sysfb_disable() 2024-08-26 19:14:48 -04:00
cmdline.c video/cmdline: Hide __video_get_options() behind CONFIG_FB_CORE 2024-01-23 10:11:34 +01:00
display_timing.c
hdmi.c video: hdmi: Remove unused hdmi_infoframe_check 2024-12-22 07:03:42 +01:00
nomodeset.c
of_display_timing.c
of_videomode.c
screen_info_generic.c firmware: sysfb: Move bpp-depth calculation into screen_info helper 2025-04-07 11:02:07 +02:00
screen_info_pci.c video: screen_info: Relocate framebuffers behind PCI bridges 2025-06-05 17:54:06 +02:00
sticore.c fbcon: Increase maximum font width x height to 64 x 128 2024-03-16 08:29:48 +01:00
vgastate.c
videomode.c