* [U-Boot] [PATCH 1/1] dm: video: check bounds for column and row
@ 2018-09-19 17:15 Heinrich Schuchardt
2018-09-23 11:35 ` Alexander Graf
2018-09-26 18:58 ` Anatolij Gustschin
0 siblings, 2 replies; 4+ messages in thread
From: Heinrich Schuchardt @ 2018-09-19 17:15 UTC (permalink / raw)
To: u-boot
CSI H can be used to position the cursor. The calling application may
specify a location that is beyond the limits of the screen. This may
lead to an illegal memory access.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
drivers/video/vidconsole-uclass.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/video/vidconsole-uclass.c b/drivers/video/vidconsole-uclass.c
index f1d3ad3611..0c36a5de0a 100644
--- a/drivers/video/vidconsole-uclass.c
+++ b/drivers/video/vidconsole-uclass.c
@@ -213,6 +213,14 @@ static void vidconsole_escape_char(struct udevice *dev, char ch)
s++; /* ; */
s = parsenum(s, &col);
+ /*
+ * Ensure we stay in the bounds of the screen.
+ */
+ if (row >= priv->rows)
+ row = priv->rows - 1;
+ if (col >= priv->cols)
+ col = priv->cols - 1;
+
priv->ycur = row * priv->y_charsize;
priv->xcur_frac = priv->xstart_frac +
VID_TO_POS(col * priv->x_charsize);
--
2.18.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [U-Boot] [PATCH 1/1] dm: video: check bounds for column and row
2018-09-19 17:15 [U-Boot] [PATCH 1/1] dm: video: check bounds for column and row Heinrich Schuchardt
@ 2018-09-23 11:35 ` Alexander Graf
2018-09-26 19:00 ` Anatolij Gustschin
2018-09-26 18:58 ` Anatolij Gustschin
1 sibling, 1 reply; 4+ messages in thread
From: Alexander Graf @ 2018-09-23 11:35 UTC (permalink / raw)
To: u-boot
On 19.09.18 19:15, Heinrich Schuchardt wrote:
> CSI H can be used to position the cursor. The calling application may
> specify a location that is beyond the limits of the screen. This may
> lead to an illegal memory access.
>
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
I'll be happy to take this in via efi-next if nobody beats me to it, as
it fixes a test failure we're not triggering otherwise.
Alex
> ---
> drivers/video/vidconsole-uclass.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/video/vidconsole-uclass.c b/drivers/video/vidconsole-uclass.c
> index f1d3ad3611..0c36a5de0a 100644
> --- a/drivers/video/vidconsole-uclass.c
> +++ b/drivers/video/vidconsole-uclass.c
> @@ -213,6 +213,14 @@ static void vidconsole_escape_char(struct udevice *dev, char ch)
> s++; /* ; */
> s = parsenum(s, &col);
>
> + /*
> + * Ensure we stay in the bounds of the screen.
> + */
> + if (row >= priv->rows)
> + row = priv->rows - 1;
> + if (col >= priv->cols)
> + col = priv->cols - 1;
> +
> priv->ycur = row * priv->y_charsize;
> priv->xcur_frac = priv->xstart_frac +
> VID_TO_POS(col * priv->x_charsize);
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [U-Boot] [PATCH 1/1] dm: video: check bounds for column and row
2018-09-19 17:15 [U-Boot] [PATCH 1/1] dm: video: check bounds for column and row Heinrich Schuchardt
2018-09-23 11:35 ` Alexander Graf
@ 2018-09-26 18:58 ` Anatolij Gustschin
1 sibling, 0 replies; 4+ messages in thread
From: Anatolij Gustschin @ 2018-09-26 18:58 UTC (permalink / raw)
To: u-boot
On Wed, 19 Sep 2018 19:15:14 +0200
Heinrich Schuchardt xypron.glpk at gmx.de wrote:
> CSI H can be used to position the cursor. The calling application may
> specify a location that is beyond the limits of the screen. This may
> lead to an illegal memory access.
>
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
> ---
> drivers/video/vidconsole-uclass.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
Applied to u-boot-video/master, thanks!
--
Anatolij
^ permalink raw reply [flat|nested] 4+ messages in thread
* [U-Boot] [PATCH 1/1] dm: video: check bounds for column and row
2018-09-23 11:35 ` Alexander Graf
@ 2018-09-26 19:00 ` Anatolij Gustschin
0 siblings, 0 replies; 4+ messages in thread
From: Anatolij Gustschin @ 2018-09-26 19:00 UTC (permalink / raw)
To: u-boot
On Sun, 23 Sep 2018 13:35:16 +0200
Alexander Graf agraf at suse.de wrote:
...
> I'll be happy to take this in via efi-next if nobody beats me to it, as
> it fixes a test failure we're not triggering otherwise.
I've applied this to video tree since later video patches depend on it.
Thanks,
--
Anatolij
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-09-26 19:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-09-19 17:15 [U-Boot] [PATCH 1/1] dm: video: check bounds for column and row Heinrich Schuchardt
2018-09-23 11:35 ` Alexander Graf
2018-09-26 19:00 ` Anatolij Gustschin
2018-09-26 18:58 ` Anatolij Gustschin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox