OSDN Git Service

(root) / android-x86 / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 353748a) | patch
video: uvesafb: Fix integer overflow in allocation
authorKees Cook <keescook@chromium.org>
Fri, 11 May 2018 08:24:12 +0000 (18:24 +1000)
committerKees Cook <keescook@chromium.org>
Tue, 12 Jun 2018 23:19:22 +0000 (16:19 -0700)
commit9f645bcc566a1e9f921bdae7528a01ced5bc3713
tree6a89ba3f5af7cb4c8415a8dd2589146b3018bed7tree | snapshot
parent353748a359f1821ee934afc579cf04572406b420commit | diff
video: uvesafb: Fix integer overflow in allocation

cmap->len can get close to INT_MAX/2, allowing for an integer overflow in
allocation. This uses kmalloc_array() instead to catch the condition.

Reported-by: Dr Silvio Cesare of InfoSect <silvio.cesare@gmail.com>
Fixes: 8bdb3a2d7df48 ("uvesafb: the driver core")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
drivers/video/fbdev/uvesafb.c diff | blob | history
kernel
About OSDN
Find Software
Develop Software
Help