| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <542A88DE.6080301@ti.com>
Date: Tue, 30 Sep 2014 13:41:34 +0300
From: Tomi Valkeinen <tomi.valkeinen@...com>
To: Mikulas Patocka <mpatocka@...hat.com>,
Jean-Christophe Plagniol-Villard <plagnioj@...osoft.com>
CC: <linux-fbdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] framebuffer: fix screen corruption when copying
On 16/09/14 19:38, Mikulas Patocka wrote:
> The function bitcpy_rev has a bug that may result in screen corruption.
> The bug happens under these conditions:
> * the end of the destination area of a copy operation is aligned on a long
> word boundary
> * the end of the source area is not aligned on a long word boundary
> * we are copying more than one long word
>
> In this case, the variable shift is non-zero and the variable first is
> zero. The statements FB_WRITEL(comp(d0, FB_READL(dst), first), dst) reads
> the last long word of the destination and writes it back unchanged
> (because first is zero). Correctly, we should write the variable d0 to the
> last word of the destination in this case.
>
> This patch fixes the bug by introducing and extra test if first is zero.
>
> The patch also removes the references to fb_memmove in the code that is
> commented out because fb_memmove was removed from framebuffer subsystem.
Thanks, queued for 3.18.
Tomi
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists