Hello, Greg. Since nobody is interested in this bug, can you directly pick up this obvious patch without waiting for maintainer's response? On 2020/08/31 19:37, Tetsuo Handa wrote: > syzbot is reporting OOB read at vga_8planes_imageblit() [1], for > "cdat[y] >> 4" can become a negative value due to "const char *cdat". > > [1] https://syzkaller.appspot.com/bug?id=0d7a0da1557dcd1989e00cb3692b26d4173b4132 > > Reported-by: syzbot <syzbot+69fbd3e01470f169c8c4@xxxxxxxxxxxxxxxxxxxxxxxxx> > Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> > --- > drivers/video/fbdev/vga16fb.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/video/fbdev/vga16fb.c b/drivers/video/fbdev/vga16fb.c > index a20eeb8308ff..578d3541e3d6 100644 > --- a/drivers/video/fbdev/vga16fb.c > +++ b/drivers/video/fbdev/vga16fb.c > @@ -1121,7 +1121,7 @@ static void vga_8planes_imageblit(struct fb_info *info, const struct fb_image *i > char oldop = setop(0); > char oldsr = setsr(0); > char oldmask = selectmask(); > - const char *cdat = image->data; > + const unsigned char *cdat = image->data; > u32 dx = image->dx; > char __iomem *where; > int y; > _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
