On Tuesday, November 07, 2017 03:05:05 PM Geert Uytterhoeven wrote: > Dan's static analysis says: > > drivers/video/fbdev/controlfb.c:560 control_setup() > error: buffer overflow 'control_mac_modes' 20 <= 21 > > Indeed, control_mac_modes[] has only 20 elements, while VMODE_MAX is 22, > which may lead to an out of bounds read when parsing vmode commandline > options. > > The bug was introduced in v2.4.5.6, when 2 new modes were added to > macmodes.h, but control_mac_modes[] wasn't updated: > > https://kernel.opensuse.org/cgit/kernel/diff/include/video/macmodes.h?h=v2.5.2&id=29f279c764808560eaceb88fef36cbc35c529aad > > Augment control_mac_modes[] with the two new video modes to fix this. > > Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > Signed-off-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> Patch queued for 4.15, thanks. Best regards, -- Bartlomiej Zolnierkiewicz Samsung R&D Institute Poland Samsung Electronics -- To unsubscribe from this list: send the line "unsubscribe linux-fbdev" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
