On 2020/3/3 21:59, Ville Syrjälä wrote:
> That doesn't match how vc_screenbuf_size is computed elsewhere. Also a lot of places seem to assume that the screenbuf can be larger than vga_vram_size (eg. all the memcpy()s pick the smaller size of the two).
Yes, in the vga source code, we also pick the smaller size of the two. But in other places, e.g. vc_do_resize, when copying the old_origin to new_origin, we do not do that. It also makes bad accesses happen. It may be CVE-2020-8647. I think we should just assume the width/height may be larger than the default, not that the screenbuf is larger than vga_vram_size. If not, is there any use for the larger screenbuf?
> And you're changing the behaviour of the code when 'width % 2 && user' is true