| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 24 Feb 2013 20:06:09 -0500 (EST)
From: Nicolas Pitre <nicolas.pitre@...aro.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Jean-François Moine <moinejf@...e.fr>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org
Subject: [PATCH] tty vt: fix character insertion overflow
Commit 81732c3b2f (tty vt: Fix line garbage in virtual console on
command line edition) broke insert_char() in multiple ways. Then
commit b1a925f44a (tty vt: Fix a regression in command line edition)
partially fixed it. However, the buffer being moved is still too large
and overflowing beyond the end of the current line, corrupting existing
characters on the next line.
Example test case:
echo -e "abc\nde\x1b[A\x1b[4h \x1b[4l\x1b[B"
Expected result:
ab c
de
Current result:
ab c
e
Needless to say that this is very annoying when inserting words in the
middle of paragraphs with certain text editors.
Signed-off-by: Nicolas Pitre <nico@...aro.org>
Cc: Jean-François Moine <moinejf@...e.fr>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: <stable@...r.kernel.org>
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 1a27280..6c4abea 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -539,7 +539,7 @@ static void insert_char(struct vc_data *vc, unsigned int nr)
{
unsigned short *p = (unsigned short *) vc->vc_pos;
- scr_memmovew(p + nr, p, (vc->vc_cols - vc->vc_x) * 2);
+ scr_memmovew(p + nr, p, (vc->vc_cols - vc->vc_x - nr) * 2);
scr_memsetw(p, vc->vc_video_erase_char, nr * 2);
vc->vc_need_wrap = 0;
if (DO_UPDATE(vc))
Powered by blists - more mailing lists