Re: [PATCH] vgacon: Fix a UAF in vgacon_invert_region

On Tue, Mar 03, 2020 at 10:30:14PM +0800, zhangxiaoxu (A) wrote:
> 
> 
> On 2020/3/3 21:59, Ville Syrjälä wrote:
> > That doesn't match how vc_screenbuf_size is computed elsewhere. Also
> > a lot of places seem to assume that the screenbuf can be larger than
> > vga_vram_size (eg. all the memcpy()s pick the smaller size of the
> > two).
> Yes, in the vga source code, we also pick the smaller size of the two. But
> in other places, e.g. vc_do_resize, copying the old_origin to new_origin, we
> do not do that. It also makes bad access happen. It may be CVE-2020-8647.
> 
> I think we should just assume the width/height may be larger than the
> default, not the screenbuf larger than vga_vram_size.
> 
> If not, is the larger screenbuf of any use?

Maybe used for scrolling?

> 
> > 
> > And you're changing the behaviour of the code when
> > 'width % 2 && user' is true

-- 
Ville Syrjälä
Intel
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel



