summaryrefslogtreecommitdiff
path: root/include/linux/stringify.h
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>2021-09-08 19:27:49 +0900
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2021-09-22 11:41:22 +0200
commit77497cbd3383abc3e1de373109d85ee2e9dd2c70 (patch)
tree7383c14eafd62c771dd28d441b97b48135e53933 /include/linux/stringify.h
parent5c0be52046c94489dfbb87ef0ff6107f04ff1e5d (diff)
fbmem: don't allow too huge resolutions
commit 8c28051cdcbe9dfcec6bd0a4709d67a09df6edae upstream. syzbot is reporting page fault at vga16fb_fillrect() [1], for vga16fb_check_var() is failing to detect multiplication overflow. if (vxres * vyres > maxmem) { vyres = maxmem / vxres; if (vyres < yres) return -ENOMEM; } Since no module would accept too huge resolutions where multiplication overflow happens, let's reject in the common path. Link: https://syzkaller.appspot.com/bug?extid=04168c8063cfdde1db5e [1] Reported-by: syzbot <syzbot+04168c8063cfdde1db5e@syzkaller.appspotmail.com> Debugged-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be> Cc: stable@vger.kernel.org Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: https://patchwork.freedesktop.org/patch/msgid/185175d6-227a-7b55-433d-b070929b262c@i-love.sakura.ne.jp Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include/linux/stringify.h')
0 files changed, 0 insertions, 0 deletions