On Sat, Jun 25, 2022 at 02:24:59PM +0200, Helge Deller wrote: > Prevent that users set a font size which is bigger than the physical screen. > It's unlikely this may happen (because screens are usually much larger than the > fonts and each font char is limited to 32x32 pixels), but it may happen on > smaller screens/LCD displays. > > Signed-off-by: Helge Deller <deller@xxxxxx> > Cc: stable@xxxxxxxxxxxxxxx # v4.14+ > --- > drivers/video/fbdev/core/fbcon.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c > index c4e91715ef00..e162d5e753e5 100644 > --- a/drivers/video/fbdev/core/fbcon.c > +++ b/drivers/video/fbdev/core/fbcon.c > @@ -2469,6 +2469,11 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font, > if (charcount != 256 && charcount != 512) > return -EINVAL; > > + /* font bigger than screen resolution ? */ > + if (font->width > FBCON_SWAP(info->var.rotate, info->var.xres, info->var.yres) || > + font->height > FBCON_SWAP(info->var.rotate, info->var.yres, info->var.xres)) > + return -EINVAL; Reviewed-by: Daniel Vetter <daniel.vetter@xxxxxxxx> Maybe as a safety follow up patch, we have a few copies of the below: cols = FBCON_SWAP(ops->rotate, info->var.xres, info->var.yres); rows = FBCON_SWAP(ops->rotate, info->var.yres, info->var.xres); cols /= vc->vc_font.width; rows /= vc->vc_font.height; Might be good to extract that into a helper and also add WARN_ON(!cols); WARN_ON(!rows); to make sure we really didn't screw this up and give syzkaller et all an easier time finding bugs - it doesn't need to discover the full exploit, only needs to get to this here. Also maybe even check that cols/rows is within reasons, like smaller than BIT(24) or so (so that we have a bunch of headroom for overflows). Anyway just an idea. -Daniel > + > /* Make sure drawing engine can handle the font */ > if (!(info->pixmap.blit_x & (1 << (font->width - 1))) || > !(info->pixmap.blit_y & (1 << (font->height - 1)))) > -- > 2.35.3 > -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch
