Enhance the checks in the FBIOPUT_VSCREENINFO ioctl handler to verify the user-provided new screen size for: a) virtual screen size >= physical screen size, and b) new screen size is bigger than currently configured console font size. Return -EINVAL on invalid input. Signed-off-by: Helge Deller <deller@xxxxxx> Cc: stable@xxxxxxxxxxxxxxx # v5.4+ --- drivers/video/fbdev/core/fbmem.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index afa2863670f3..50fb66b954d6 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1106,7 +1106,13 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, return -EFAULT; console_lock(); lock_fb_info(info); - ret = fb_set_var(info, &var); + if (var.xres_virtual < var.xres || + var.yres_virtual < var.yres) + ret = -EINVAL; + if (!ret) + ret = fbcon_modechange_possible(info, &var); + if (!ret) + ret = fb_set_var(info, &var); if (!ret) fbcon_update_vcs(info, var.activate & FB_ACTIVATE_ALL); unlock_fb_info(info); -- 2.35.3
