git.ipfire.org Git - thirdparty/kernel/stable.git/commit

fbdev: fix potential buffer overflow in do_register_framebuffer()

[ Upstream commit 523b84dc7ccea9c4d79126d6ed1cf9033cf83b05 ]

The current implementation may lead to buffer overflow when:
1.  Unregistration creates NULL gaps in registered_fb[]
2.  All array slots become occupied despite num_registered_fb < FB_MAX
3.  The registration loop exceeds array bounds

Add boundary check to prevent registered_fb[FB_MAX] access.

Signed-off-by: Yongzhen Zhang <zhangyongzhen@kylinos.cn>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>

author	Yongzhen Zhang <zhangyongzhen@kylinos.cn>
	Tue, 1 Jul 2025 09:07:04 +0000 (17:07 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 28 Aug 2025 14:25:59 +0000 (16:25 +0200)
commit	5c3f5a25c62230b7965804ce7a2e9305c3ca3961
tree	5817158bf54c259a34bf4398b36953a885117ce1	tree \| snapshot
parent	891331dbfa3510b349101eb97ece6d443ba6c0f8	commit \| diff