fbcon: prevent user font height or width change from causing potential out-of-bounds...
authorGeorge Kennedy <george.kennedy@oracle.com>
Fri, 31 Jul 2020 16:33:11 +0000 (12:33 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 3 Sep 2020 09:21:20 +0000 (11:21 +0200)
commit451bffa366f2cc0e5314807cb847f31c0226efed
tree8e030b6eab7d8259fb52f1f7cec0ad8446c29e0f
parent0e7f157f080575e3b5133280f400f115b57b8416
fbcon: prevent user font height or width change from causing potential out-of-bounds access

commit 39b3cffb8cf3111738ea993e2757ab382253d86a upstream.

Add a check to fbcon_resize() to ensure that a possible change to user font
height or user font width will not allow a font data out-of-bounds access.
NOTE: must use original charcount in calculation as font charcount can
change and cannot be used to determine the font data allocated size.

Signed-off-by: George Kennedy <george.kennedy@oracle.com>
Cc: stable <stable@vger.kernel.org>
Reported-by: syzbot+38a3699c7eaf165b97a6@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/1596213192-6635-1-git-send-email-george.kennedy@oracle.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/video/console/fbcon.c