On 3/5/24 14:51, Roman Smirnov wrote:
The expression htotal * vtotal can have a zero value on
overflow.
I'm not sure if thos always results in zero in kernel on overflow.
Might be architecture-depended too, but let's assume it
can become zero, ....
It is necessary to prevent division by zero like in
fb_var_to_videomode().
Found by Linux Verification Center (linuxtesting.org) with Svace.
Signed-off-by: Roman Smirnov <r.smirnov@xxxxxx>
Reviewed-by: Sergey Shtylyov <s.shtylyov@xxxxxx>
---
V1 -> V2: Replaced the code of the first version with a check.
drivers/video/fbdev/core/fbmon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
index 79e5bfbdd34c..b137590386da 100644
--- a/drivers/video/fbdev/core/fbmon.c
+++ b/drivers/video/fbdev/core/fbmon.c
@@ -1344,7 +1344,7 @@ int fb_videomode_from_videomode(const struct videomode *vm,
vtotal = vm->vactive + vm->vfront_porch + vm->vback_porch +
vm->vsync_len;
/* prevent division by zero */
- if (htotal && vtotal) {
+ if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal)) {
why don't you then simply check for
if .. ((htotal * vtotal) == 0) ...
instead?
Helge
fbmode->refresh = vm->pixelclock / (htotal * vtotal);
/* a mode must have htotal and vtotal != 0 or it is invalid */
} else {
