From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Fullway Wang <fullwaywang@outlook.com>,
Helge Deller <deller@gmx.de>, Sasha Levin <sashal@kernel.org>,
tzimmermann@suse.de, sam@ravnborg.org, javierm@redhat.com,
linux-fbdev@vger.kernel.org, dri-devel@lists.freedesktop.org
Subject: [PATCH AUTOSEL 5.10 4/8] fbdev: sis: Error out if pixclock equals zero
Date: Fri, 2 Feb 2024 13:41:48 -0500 [thread overview]
Message-ID: <20240202184156.541981-4-sashal@kernel.org> (raw)
In-Reply-To: <20240202184156.541981-1-sashal@kernel.org>
From: Fullway Wang <fullwaywang@outlook.com>
[ Upstream commit e421946be7d9bf545147bea8419ef8239cb7ca52 ]
The userspace program could pass any values to the driver through
ioctl() interface. If the driver doesn't check the value of pixclock,
it may cause divide-by-zero error.
In sisfb_check_var(), var->pixclock is used as a divisor to caculate
drate before it is checked against zero. Fix this by checking it
at the beginning.
This is similar to CVE-2022-3061 in i740fb which was fixed by
commit 15cf0b8.
Signed-off-by: Fullway Wang <fullwaywang@outlook.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/sis/sis_main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/video/fbdev/sis/sis_main.c b/drivers/video/fbdev/sis/sis_main.c
index 03c736f6f3d0..e540cb0c5172 100644
--- a/drivers/video/fbdev/sis/sis_main.c
+++ b/drivers/video/fbdev/sis/sis_main.c
@@ -1474,6 +1474,8 @@ sisfb_check_var(struct fb_var_screeninfo *var, struct fb_info *info)
vtotal = var->upper_margin + var->lower_margin + var->vsync_len;
+ if (!var->pixclock)
+ return -EINVAL;
pixclock = var->pixclock;
if((var->vmode & FB_VMODE_MASK) == FB_VMODE_NONINTERLACED) {
--
2.43.0
next prev parent reply other threads:[~2024-02-02 18:42 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-02 18:41 [PATCH AUTOSEL 5.10 1/8] wifi: cfg80211: fix missing interfaces when dumping Sasha Levin
2024-02-02 18:41 ` [PATCH AUTOSEL 5.10 2/8] wifi: mac80211: fix race condition on enabling fast-xmit Sasha Levin
2024-02-02 18:41 ` [PATCH AUTOSEL 5.10 3/8] fbdev: savage: Error out if pixclock equals zero Sasha Levin
2024-02-02 18:41 ` Sasha Levin [this message]
2024-02-02 18:41 ` [PATCH AUTOSEL 5.10 5/8] spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Sasha Levin
2024-02-02 18:41 ` [PATCH AUTOSEL 5.10 6/8] ahci: asm1166: correct count of reported ports Sasha Levin
2024-02-02 18:41 ` [PATCH AUTOSEL 5.10 7/8] exec: Distinguish in_execve from in_exec Sasha Levin
2024-02-18 19:12 ` Pavel Machek
2024-02-22 12:36 ` Sasha Levin
2024-02-02 18:41 ` [PATCH AUTOSEL 5.10 8/8] ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240202184156.541981-4-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=deller@gmx.de \
--cc=dri-devel@lists.freedesktop.org \
--cc=fullwaywang@outlook.com \
--cc=javierm@redhat.com \
--cc=linux-fbdev@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sam@ravnborg.org \
--cc=stable@vger.kernel.org \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.