On Tue, Mar 03, 2020 at 10:30:14PM +0800, zhangxiaoxu (A) wrote:
> 
> 
> On 2020/3/3 21:59, Ville Syrjälä wrote:
> > That doesn't match how vc_screenbuf_size is computed elsewhere. Also
> > a lot of places seem to assume that the screenbuf can be larger than
> > vga_vram_size (eg. all the memcpy()s pick the smaller size of the
> > two).
> Yes, in the vga source code, we also pick the smaller size of the two. But
> in other places, e.g. vc_do_resize, which copies the old_origin to new_origin,
> we do not do that. It also makes bad accesses happen. It may be CVE-2020-8647.
> 
> I think we should just assume the width/height may be larger than the
> default, not the screenbuf larger than vga_vram_size.
> 
> If not, is the larger screenbuf of any use? Maybe it is used for scrolling?
> 
> > 
> > And you're changing the behaviour of the code when
> > 'width % 2 && user' is true

-- 
Ville Syrjälä
Intel