From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Liu Jing <liujbjl@linux.vnet.ibm.com>,
Yang Chen <bjcyang@linux.vnet.ibm.com>,
Sascha Silbe <silbe@linux.vnet.ibm.com>,
Martin Schwidefsky <schwidefsky@de.ibm.com>
Subject: [PATCH 4.4 42/51] s390/con3270: fix use of uninitialised data
Date: Sat, 29 Oct 2016 09:49:43 -0400 [thread overview]
Message-ID: <20161029134924.297717162@linuxfoundation.org> (raw)
In-Reply-To: <20161029134922.501052551@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sascha Silbe <silbe@linux.vnet.ibm.com>
commit c14f2aac7aa147861793eed9f41f91dd530f0be1 upstream.
con3270 contains an optimisation that reduces the amount of data to be
transmitted to the 3270 terminal by putting a Repeat to Address (RA)
order into the data stream. The RA order itself takes up space, so
con3270 only uses it if there's enough space left in the line
buffer. Otherwise it just pads out the line manually.
For lines too long to include the RA order, one byte was left
uninitialised. This was caused by an off-by-one bug in the loop that
pads out the line. Since the buffer is allocated from a common pool,
the single byte left uninitialised contained some previous buffer
content. Usually this was just a space or some character (which can
result in clutter but is otherwise harmless). Sometimes, however, it
was a Repeat to Address order, messing up the entire screen layout and
causing the display to send the entire buffer content on every
keystroke.
Fixes: f51320a5 ("[PATCH] s390: new 3270 driver.") (tglx/history.git)
Reported-by: Liu Jing <liujbjl@linux.vnet.ibm.com>
Tested-by: Jing Liu <liujbjl@linux.vnet.ibm.com>
Tested-by: Yang Chen <bjcyang@linux.vnet.ibm.com>
Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/char/con3270.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/s390/char/con3270.c
+++ b/drivers/s390/char/con3270.c
@@ -465,7 +465,7 @@ con3270_cline_end(struct con3270 *cp)
s->string[s->len - 4] = TO_RA;
s->string[s->len - 1] = 0;
} else {
- while (--size > cp->cline->len)
+ while (--size >= cp->cline->len)
s->string[size] = cp->view.ascebc[' '];
}
/* Replace cline with allocated line s and reset cline. */
next prev parent reply other threads:[~2016-10-29 13:50 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20161029134951epcas3p1c13b6f1be6f87b86f566460458ace237@epcas3p1.samsung.com>
2016-10-29 13:49 ` [PATCH 4.4 00/51] 4.4.29-stable review Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 02/51] drm/amdgpu: fix IB alignment for UVD Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 03/51] drm/amdgpu/dce10: disable hpd on local panels Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 04/51] drm/amdgpu/dce8: " Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 05/51] drm/amdgpu/dce11: " Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 06/51] drm/amdgpu/dce11: add missing drm_mode_config_cleanup call Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 07/51] drm/amdgpu: change vblank_times calculation method to reduce computational error Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 08/51] drm/radeon: narrow asic_init for virtualization Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 09/51] drm/radeon/si/dpm: fix phase shedding setup Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 10/51] drm/radeon: change vblank_times calculation method to reduce computational error Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 11/51] drm/vmwgfx: Limit the user-space command buffer size Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 13/51] drm/i915/gen9: fix the WaWmMemoryReadLatency implementation Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 14/51] Revert "drm/i915: Check live status before reading edid" Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 16/51] drm/i915: Unalias obj->phys_handle and obj->userptr Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 17/51] mm/hugetlb: fix memory offline with hugepage size > memory block size Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 18/51] brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap() Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 19/51] posix_acl: Clear SGID bit when setting file permissions Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 20/51] ipip: Properly mark ipip GRO packets as encapsulated Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 21/51] tunnels: Dont apply GRO to multiple layers of encapsulation Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 22/51] tunnels: Remove encapsulation offloads on decap Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 23/51] powerpc/eeh: Null check uses of eeh_pe_bus_get Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 24/51] perf stat: Fix interval output values Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 25/51] genirq/generic_chip: Add irq_unmap callback Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 26/51] uio: fix dmem_region_start computation Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 28/51] spi: spi-fsl-dspi: Drop extra spi_master_put in device remove function Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 29/51] mwifiex: correct aid value during tdls setup Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 31/51] crypto: arm/ghash-ce - add missing async import/export Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 32/51] hwrng: omap - Only fail if pm_runtime_get_sync returns < 0 Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 33/51] ASoC: topology: Fix error return code in soc_tplg_dapm_widget_create() Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 34/51] ASoC: dapm: Fix possible uninitialized variable in snd_soc_dapm_get_volsw() Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 35/51] ASoC: dapm: Fix value setting for _ENUM_DOUBLE MUXs second channel Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 36/51] ASoC: dapm: Fix kcontrol creation for output driver widget Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 37/51] staging: r8188eu: Fix scheduling while atomic splat Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 38/51] power: bq24257: Fix use of uninitialized pointer bq->charger Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 39/51] dmaengine: ipu: remove bogus NO_IRQ reference Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 40/51] x86/mm: Expand the exception table logic to allow new handling options Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 41/51] s390/cio: fix accidental interrupt enabling during resume Greg Kroah-Hartman
2016-10-29 13:49 ` Greg Kroah-Hartman [this message]
2016-10-29 13:49 ` [PATCH 4.4 43/51] s390/con3270: fix insufficient space padding Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 44/51] clk: qoriq: fix a register offset error Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 45/51] clk: divider: Fix clk_divider_round_rate() to use clk_readl() Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 46/51] perf hists browser: Fix event group display Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 47/51] perf symbols: Check symbol_conf.allow_aliases for kallsyms loading too Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 48/51] perf symbols: Fixup symbol sizes before picking best ones Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 49/51] mpt3sas: Dont spam logs if logging level is 0 Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 50/51] powerpc/nvram: Fix an incorrect partition merge Greg Kroah-Hartman
2016-10-29 13:49 ` [PATCH 4.4 51/51] ARM: pxa: pxa_cplds: fix interrupt handling Greg Kroah-Hartman
2016-10-29 23:08 ` [PATCH 4.4 00/51] 4.4.29-stable review Shuah Khan
2016-10-30 0:43 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161029134924.297717162@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bjcyang@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=liujbjl@linux.vnet.ibm.com \
--cc=schwidefsky@de.ibm.com \
--cc=silbe@linux.vnet.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).