On 30. 07. 22, 20:49, Helge Deller wrote:
The line and column numbers for the selection need to start at 1. Add the checks to prevent invalid input. Signed-off-by: Helge Deller <deller@xxxxxx> Reported-by: syzbot+14b0e8f3fd1612e35350@xxxxxxxxxxxxxxxxxxxxxxxxx diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c index f7755e73696e..58692a9b4097 100644 --- a/drivers/tty/vt/selection.c +++ b/drivers/tty/vt/selection.c @@ -326,6 +326,9 @@ static int vc_selection(struct vc_data *vc, struct tiocl_selection *v, return 0; } + if (!v->xs || !v->ys || !v->xe || !v->ye) + return -EINVAL;
Hmm, I'm not sure about this. It potentially breaks userspace (by returning EINVAL now). And the code below should handle this just fine, right:
+ v->xs = min_t(u16, v->xs - 1, vc->vc_cols - 1); v->ys = min_t(u16, v->ys - 1, vc->vc_rows - 1); v->xe = min_t(u16, v->xe - 1, vc->vc_cols - 1);
?

thanks,
--
js
suse labs
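
Review bot: the added zero check in vc_selection() returns -EINVAL for input that the min_t(u16, v->xs - 1, vc->vc_cols - 1) lines right after it already bring into range. With a value of 0 the subtraction becomes 0xffff in the u16 comparison and is clamped to the last column or row. The commit message only says the numbers "need to start at 1"; it should state what still goes wrong for the syzbot report after that clamping. If rejecting zero is the intended behaviour, the message should also say that callers which previously succeeded will now see -EINVAL.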