From: Bartlomiej Zolnierkiewicz
To: Geert Uytterhoeven
Cc: Dan Carpenter, Benjamin Herrenschmidt, linux-fbdev@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fbdev: controlfb: Add missing modes to fix out of bounds access
Date: Thu, 09 Nov 2017 17:11:42 +0100
Message-id: <3213289.UpBeyY0aCM@amdc3058>
In-reply-to: <1510063505-2063-1-git-send-email-geert@linux-m68k.org>
References: <1510063505-2063-1-git-send-email-geert@linux-m68k.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tuesday, November 07, 2017 03:05:05 PM Geert Uytterhoeven wrote:
> Dan's static analysis says:
>
>     drivers/video/fbdev/controlfb.c:560 control_setup()
>     error: buffer overflow 'control_mac_modes' 20 <= 21
>
> Indeed, control_mac_modes[] has only 20 elements, while VMODE_MAX is 22,
> which may lead to an out of bounds read when parsing vmode commandline
> options.
>
> The bug was introduced in v2.4.5.6, when 2 new modes were added to
> macmodes.h, but control_mac_modes[] wasn't updated:
>
>     https://kernel.opensuse.org/cgit/kernel/diff/include/video/macmodes.h?h=v2.5.2&id=29f279c764808560eaceb88fef36cbc35c529aad
>
> Augment control_mac_modes[] with the two new video modes to fix this.
>
> Reported-by: Dan Carpenter
> Signed-off-by: Geert Uytterhoeven

Patch queued for 4.15, thanks.

Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics
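
The class of bug discussed in this thread (a lookup table that falls out of sync with the constant used to bound its index), shown as an added example that is not part of the original message and is not the kernel driver's code. Only `VMODE_MAX` = 22 and the 20-element table length come from the thread; `mode_entry`, `mode_lookup`, both tables and the 1-based mode numbering are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define VMODE_MAX 22 /* value quoted in the thread */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical stand-in for a per-mode table entry. */
struct mode_entry { int supported; };

/* Constructed data: a 20-entry table, the stale length the thread describes. */
static const struct mode_entry stale_table[20] = { {1}, {1} };

/* Constructed data: one entry per mode number, 22 in total. */
static const struct mode_entry full_table[] = {
    {1}, {1}, {1}, {1}, {1}, {1}, {1}, {1}, {1}, {1}, {1},
    {1}, {1}, {1}, {1}, {1}, {1}, {1}, {1}, {1}, {1}, {1},
};

/* Build breaks if VMODE_MAX grows and the table is not extended to match. */
_Static_assert(ARRAY_SIZE(full_table) == VMODE_MAX, "mode table out of sync");

/* Parse a 1-based decimal mode number (assumed numbering) and return its
 * entry, or NULL with *err set. The bound is the table's real length, not a
 * constant maintained in another header. */
static const struct mode_entry *mode_lookup(const struct mode_entry *tbl,
                                            size_t n, const char *arg, int *err)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno || end == arg || *end != '\0') { *err = -EINVAL; return NULL; }
    if (v < 1 || (unsigned long)v > n) { *err = -ERANGE; return NULL; }
    *err = 0;
    return &tbl[v - 1];
}

int main(void)
{
    int err;
    mode_lookup(stale_table, ARRAY_SIZE(stale_table), "21", &err);
    printf("stale table, vmode=21: err=%d\n", err);
    mode_lookup(full_table, ARRAY_SIZE(full_table), "21", &err);
    printf("full table,  vmode=21: err=%d\n", err);
    return 0;
}
```

Applying the same `_Static_assert` to `stale_table` would stop the build, which is the point at which a mismatch like the one in this thread is cheapest to catch.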