This makes it show up on UBSAN:
perl -e 'for (0..15) {my @x=("0")x$_;push @x,qw(38 2 64 128 192 4);printf
"\e[%smAfter %d zeroes.\e[0m\n", join(";",@x[0..($_+5<15?$_+5:15)]), $_}'
Seems harmless: if you can programmatically read attributes of a vt
character (/dev/vcsa*), multiple probes can obtain parts of vt_mode then
lowest byte (5th on 64-bit big-endian) of a pointer.
Signed-off-by: Adam Borowski <kilobyte@xxxxxxxxxx>
---
drivers/tty/vt/vt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 2705ca9..b51586f 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -1316,7 +1316,7 @@ static int vc_t416_color(struct vc_data *vc, int i,
/* 256 colours -- ubiquitous */
i++;
rgb_from_256(vc->vc_par[i], &c);
- } else if (vc->vc_par[i] == 2 && i <= vc->vc_npar + 3) {
+ } else if (vc->vc_par[i] == 2 && i + 3 <= vc->vc_npar) {
/* 24 bit -- extremely rare */
c.r = vc->vc_par[i + 1];
c.g = vc->vc_par[i + 2];
--
2.9.3
--
To unsubscribe from this list: send the line "unsubscribe linux-serial" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
