| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Feb 2022 16:02:40 +0100
From: Helge Deller <deller@....de>
To: Yizhuo Zhai <yzhai003@....edu>
Cc: Daniel Vetter <daniel.vetter@...ll.ch>,
Sam Ravnborg <sam@...nborg.org>,
Matthew Wilcox <willy@...radead.org>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
Alex Deucher <alexander.deucher@....com>,
Zhen Lei <thunder.leizhen@...wei.com>,
Zheyu Ma <zheyuma97@...il.com>,
Xiyu Yang <xiyuyang19@...an.edu.cn>,
linux-fbdev@...r.kernel.org, dri-devel@...ts.freedesktop.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fbdev: fbmem: Fix the implicit type casting
On 1/31/22 07:57, Yizhuo Zhai wrote:
> In function do_fb_ioctl(), the "arg" is the type of unsigned long,
yes, because it comes from the ioctl framework...
> and in "case FBIOBLANK:" this argument is casted into an int before
> passig to fb_blank().
which makes sense IMHO.
> In fb_blank(), the comparision if (blank > FB_BLANK_POWERDOWN) would
> be bypass if the original "arg" is a large number, which is possible
> because it comes from the user input.
The main problem I see with your patch is that you change the behaviour.
Let's assume someone passes in -1UL.
With your patch applied, this means the -1 (which is e.g. 0xffffffff on 32bit)
is converted to a positive integer and will be capped to FB_BLANK_POWERDOWN.
Since most blank functions just check and react on specific values, you changed
the behaviour that the screen now gets blanked at -1, while it wasn't before.
One could now argue, that it's undefined behaviour if people
pass in wrong values, but anyway, it's different now.
So, your patch isn't wrong. I'm just not sure if this is what we want...
Helge
> Signed-off-by: Yizhuo Zhai <yzhai003@....edu>
> ---
> drivers/video/fbdev/core/fbmem.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
> index 0fa7ede94fa6..a5f71c191122 100644
> --- a/drivers/video/fbdev/core/fbmem.c
> +++ b/drivers/video/fbdev/core/fbmem.c
> @@ -1064,7 +1064,7 @@ fb_set_var(struct fb_info *info, struct fb_var_screeninfo *var)
> EXPORT_SYMBOL(fb_set_var);
>
> int
> -fb_blank(struct fb_info *info, int blank)
> +fb_blank(struct fb_info *info, unsigned long blank)
> {
Powered by blists - more mailing lists