projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c2ddc14) | patch
fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper()
authorDan Carpenter <dan.carpenter@oracle.com>
Mon, 8 Oct 2018 10:57:36 +0000 (12:57 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 24 Nov 2019 07:23:21 +0000 (08:23 +0100)
commite5379b2bc7e11c157a4a1d9e7fb81f52b79c66b1
treee49d00fc4b4b7be79a95e26d152dc29d11ac1a77tree | snapshot (tar.gz zip)
parentc2ddc149cdf3d87a141eb4bd56fbfb543784778fcommit | diff
fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper()

[ Upstream commit e5017716adb8aa5c01c52386c1b7470101ffe9c5 ]

The "index + count" addition can overflow.  Both come directly from the
user.  This bug leads to an information leak.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Peter Malone <peter.malone@gmail.com>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Mathieu Malaterre <malat@debian.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/video/fbdev/sbuslib.c diff | blob | blame | history