[PATCH] fbdev: i740: Fix potential divide by zero

linux-fbdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] fbdev: i740: Fix potential divide by zero
@ 2025-06-14  5:18 Alex Guo
  2025-06-15  8:30 ` David Laight
  0 siblings, 1 reply; 3+ messages in thread
From: Alex Guo @ 2025-06-14  5:18 UTC (permalink / raw)
  To: deller; +Cc: alexguo1023, linux-fbdev, dri-devel, linux-kernel

Variable var->pixclock can be set by user. In case it equals to
zero, divide by zero would occur in 4 switch branches in
i740fb_decode_var.
Similar crashes have happened in other fbdev drivers. We fix this
by checking whether 'pixclock' is zero.

Similar commit: commit 16844e58704 ("video: fbdev: tridentfb:
Error out if 'pixclock' equals zero")

Signed-off-by: Alex Guo <alexguo1023@gmail.com>
---
 drivers/video/fbdev/i740fb.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/video/fbdev/i740fb.c b/drivers/video/fbdev/i740fb.c
index 9b74dae71472..861e9e397b4e 100644
--- a/drivers/video/fbdev/i740fb.c
+++ b/drivers/video/fbdev/i740fb.c
@@ -419,6 +419,10 @@ static int i740fb_decode_var(const struct fb_var_screeninfo *var,
 
 
 	bpp = var->bits_per_pixel;
+	if (!var->pixclock){
+		dev_err(info->device, "pixclock must not be zero\n");
+		return -EINVAL;
+	}
 	switch (bpp) {
 	case 1 ... 8:
 		bpp = 8;
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] fbdev: i740: Fix potential divide by zero
  2025-06-14  5:18 [PATCH] fbdev: i740: Fix potential divide by zero Alex Guo
@ 2025-06-15  8:30 ` David Laight
       [not found]   ` <CAAi4Z-fDFw1gD2MbqucWRMN0DvKf5mk6B+GDD95x9o23G8iK6w@mail.gmail.com>
  0 siblings, 1 reply; 3+ messages in thread
From: David Laight @ 2025-06-15  8:30 UTC (permalink / raw)
  To: Alex Guo; +Cc: deller, linux-fbdev, dri-devel, linux-kernel

On Sat, 14 Jun 2025 01:18:37 -0400
Alex Guo <alexguo1023@gmail.com> wrote:

> Variable var->pixclock can be set by user. In case it equals to
> zero, divide by zero would occur in 4 switch branches in
> i740fb_decode_var.
> Similar crashes have happened in other fbdev drivers. We fix this
> by checking whether 'pixclock' is zero.

Doesn't it already hit the 'default' clause of the switch statement?

	David

> 
> Similar commit: commit 16844e58704 ("video: fbdev: tridentfb:
> Error out if 'pixclock' equals zero")
> 
> Signed-off-by: Alex Guo <alexguo1023@gmail.com>
> ---
>  drivers/video/fbdev/i740fb.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/video/fbdev/i740fb.c b/drivers/video/fbdev/i740fb.c
> index 9b74dae71472..861e9e397b4e 100644
> --- a/drivers/video/fbdev/i740fb.c
> +++ b/drivers/video/fbdev/i740fb.c
> @@ -419,6 +419,10 @@ static int i740fb_decode_var(const struct fb_var_screeninfo *var,
>  
>  
>  	bpp = var->bits_per_pixel;
> +	if (!var->pixclock){
> +		dev_err(info->device, "pixclock must not be zero\n");
> +		return -EINVAL;
> +	}
>  	switch (bpp) {
>  	case 1 ... 8:
>  		bpp = 8;


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] fbdev: i740: Fix potential divide by zero
       [not found]   ` <CAAi4Z-fDFw1gD2MbqucWRMN0DvKf5mk6B+GDD95x9o23G8iK6w@mail.gmail.com>
@ 2025-06-15 20:57     ` David Laight
  0 siblings, 0 replies; 3+ messages in thread
From: David Laight @ 2025-06-15 20:57 UTC (permalink / raw)
  To: Jin D; +Cc: deller, linux-fbdev, dri-devel, linux-kernel

On Sun, 15 Jun 2025 16:43:58 -0400
Jin D <alexguo1023@gmail.com> wrote:

> >       bpp = var->bits_per_pixel;
> > +     if (!var->pixclock){
> > +             dev_err(info->device, "pixclock must not be zero\n");
> > +             return -EINVAL;
> > +     }
> >       switch (bpp) {
> >       case 1 ... 8:
> >               bpp = 8;  
> 
> The value used in the switch condition is var->bits_per_pixel. I can not
> find a deterministic relationship between var->bits_per_pixel and
> var->pixclock.

Brain-fade ...

> 
> On Sun, Jun 15, 2025 at 4:30 AM David Laight <david.laight.linux@gmail.com>
> wrote:
> 
> > On Sat, 14 Jun 2025 01:18:37 -0400
> > Alex Guo <alexguo1023@gmail.com> wrote:
> >  
> > > Variable var->pixclock can be set by user. In case it equals to
> > > zero, divide by zero would occur in 4 switch branches in
> > > i740fb_decode_var.
> > > Similar crashes have happened in other fbdev drivers. We fix this
> > > by checking whether 'pixclock' is zero.  
> >
> > Doesn't it already hit the 'default' clause of the switch statement?
> >
> >         David
> >  
> > >
> > > Similar commit: commit 16844e58704 ("video: fbdev: tridentfb:
> > > Error out if 'pixclock' equals zero")
> > >
> > > Signed-off-by: Alex Guo <alexguo1023@gmail.com>
> > > ---
> > >  drivers/video/fbdev/i740fb.c | 4 ++++
> > >  1 file changed, 4 insertions(+)
> > >
> > > diff --git a/drivers/video/fbdev/i740fb.c b/drivers/video/fbdev/i740fb.c
> > > index 9b74dae71472..861e9e397b4e 100644
> > > --- a/drivers/video/fbdev/i740fb.c
> > > +++ b/drivers/video/fbdev/i740fb.c
> > > @@ -419,6 +419,10 @@ static int i740fb_decode_var(const struct  
> > fb_var_screeninfo *var,  
> > >
> > >
> > >       bpp = var->bits_per_pixel;
> > > +     if (!var->pixclock){
> > > +             dev_err(info->device, "pixclock must not be zero\n");
> > > +             return -EINVAL;
> > > +     }
> > >       switch (bpp) {
> > >       case 1 ... 8:
> > >               bpp = 8;  
> >
> >  


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-06-15 20:57 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-14  5:18 [PATCH] fbdev: i740: Fix potential divide by zero Alex Guo
2025-06-15  8:30 ` David Laight
     [not found]   ` <CAAi4Z-fDFw1gD2MbqucWRMN0DvKf5mk6B+GDD95x9o23G8iK6w@mail.gmail.com>
2025-06-15 20:57     ` David Laight

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).