]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ba195a9) | patch
video: uvesafb: Fix integer overflow in allocation
authorKees Cook <keescook@chromium.org>
Fri, 11 May 2018 08:24:12 +0000 (18:24 +1000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 3 Jul 2018 09:21:34 +0000 (11:21 +0200)
commit842803e4a66bd2a0b663dae18b80535a575d427f
tree08c169c17b32409c2ec6da30f2632d19a7ce0da5tree | snapshot
parentba195a931ad6043b9036f52b041f846e618b963bcommit | diff
video: uvesafb: Fix integer overflow in allocation

commit 9f645bcc566a1e9f921bdae7528a01ced5bc3713 upstream.

cmap->len can get close to INT_MAX/2, allowing for an integer overflow in
allocation. This uses kmalloc_array() instead to catch the condition.

Reported-by: Dr Silvio Cesare of InfoSect <silvio.cesare@gmail.com>
Fixes: 8bdb3a2d7df48 ("uvesafb: the driver core")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/video/fbdev/uvesafb.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git