| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Sep 2013 19:32:04 +0800
From: 徐永健 <xuyongjiande@...il.com>
To: linux-kernel@...r.kernel.org
Subject: [BUG] Buffer Overflow in drivers/video/fbmem.c
Hi,
Buffer overflow found in drivers/video/fbmem.c.
[Version]:Newest
[Detail]:
1592 static int do_register_framebuffer(struct fb_info *fb_info)
1593 {
1594 | int i;
1595 | struct fb_event event;
1596 | struct fb_videomode mode;
........
1607 | num_registered_fb++;
1608 | for (i = 0 ; i < FB_MAX; i++) //******* i could be FB_MAX
after loop *********/
1609 | | if (!registered_fb[i])
1610 | | | break;
........
1646 | fb_var_to_videomode(&mode, &fb_info->var);
1647 | fb_add_videomode(&mode, &fb_info->modelist);
1648 | registered_fb[i] = fb_info; // ****** Here will be a
off-by-one overflow *******/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists