]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 14163f4) | patch
fbdev: fix potential OOB read in fast_imageblit()
authorZhang Shurong <zhang_shurong@foxmail.com>
Sat, 24 Jun 2023 16:16:49 +0000 (00:16 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 30 Aug 2023 14:18:12 +0000 (16:18 +0200)
commit2e56d380daa9655d8d6cca4948a48c9797d3fa1d
tree3591326ca54f858486c91e3660f1af9fa64f3746tree
parent14163f4a4fa64226057f76e45637229caccd8970commit | diff
fbdev: fix potential OOB read in fast_imageblit()

[ Upstream commit c2d22806aecb24e2de55c30a06e5d6eb297d161d ]

There is a potential OOB read at fast_imageblit, for
"colortab[(*src >> 4)]" can become a negative value due to
"const char *s = image->data, *src".
This change makes sure the index for colortab always positive
or zero.

Similar commit:
https://patchwork.kernel.org/patch/11746067

Potential bug report:
https://groups.google.com/g/syzkaller-bugs/c/9ubBXKeKXf4/m/k-QXy4UgAAAJ

Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/video/fbdev/core/sysimgblt.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git