| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 12 Mar 2023 10:51:15 +0000
From: "Michael Kelley (LINUX)" <mikelley@...rosoft.com>
To: Thomas Zimmermann <tzimmermann@...e.de>,
"deller@....de" <deller@....de>,
"geert+renesas@...der.be" <geert+renesas@...der.be>,
"timur@...nel.org" <timur@...nel.org>,
"rdunlap@...radead.org" <rdunlap@...radead.org>,
"paulus@...ba.org" <paulus@...ba.org>,
"benh@...nel.crashing.org" <benh@...nel.crashing.org>,
"linux@...linux.org.uk" <linux@...linux.org.uk>,
"pjones@...hat.com" <pjones@...hat.com>,
"adaplas@...il.com" <adaplas@...il.com>,
"s.hauer@...gutronix.de" <s.hauer@...gutronix.de>,
"shawnguo@...nel.org" <shawnguo@...nel.org>,
"mbroemme@...mpq.org" <mbroemme@...mpq.org>,
"thomas@...ischhofer.net" <thomas@...ischhofer.net>,
"James.Bottomley@...senPartnership.com"
<James.Bottomley@...senPartnership.com>,
"sudipm.mukherjee@...il.com" <sudipm.mukherjee@...il.com>,
"teddy.wang@...iconmotion.com" <teddy.wang@...iconmotion.com>,
"corbet@....net" <corbet@....net>
CC: "linux-fbdev@...r.kernel.org" <linux-fbdev@...r.kernel.org>,
"dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v2 031/101] fbdev/hyperv_fb: Duplicate video-mode option
string
From: Thomas Zimmermann <tzimmermann@...e.de> Sent: Thursday, March 9, 2023 8:01 AM
>
> Assume that the driver does not own the option string or its substrings
> and hence duplicate the option string for the video mode. As the driver
> implements a very simple mode parser in a fairly unstructured way, just
> duplicate the option string and parse the duplicated memory buffer. Free
> the buffer afterwards.
>
> Done in preparation of constifying the option string and switching the
> driver to struct option_iter.
>
> Signed-off-by: Thomas Zimmermann <tzimmermann@...e.de>
> ---
> drivers/video/fbdev/hyperv_fb.c | 18 +++++++++++++-----
> 1 file changed, 13 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/video/fbdev/hyperv_fb.c b/drivers/video/fbdev/hyperv_fb.c
> index 4a6a3303b6b4..edb0555239c6 100644
> --- a/drivers/video/fbdev/hyperv_fb.c
> +++ b/drivers/video/fbdev/hyperv_fb.c
> @@ -903,17 +903,23 @@ static const struct fb_ops hvfb_ops = {
> static void hvfb_get_option(struct fb_info *info)
> {
> struct hvfb_par *par = info->par;
> - char *opt = NULL, *p;
> + char *options = NULL;
> + char *optbuf, *opt, *p;
> uint x = 0, y = 0;
>
> - if (fb_get_options(KBUILD_MODNAME, &opt) || !opt || !*opt)
> + if (fb_get_options(KBUILD_MODNAME, &options) || !options || !*options)
> return;
>
> + optbuf = kstrdup(options, GFP_KERNEL);
> + if (!optbuf)
> + return;
> + opt = optbuf;
> +
> p = strsep(&opt, "x");
> if (!*p || kstrtouint(p, 0, &x) ||
> !opt || !*opt || kstrtouint(opt, 0, &y)) {
> pr_err("Screen option is invalid: skipped\n");
> - return;
> + goto out;
> }
>
> if (x < HVFB_WIDTH_MIN || y < HVFB_HEIGHT_MIN ||
> @@ -922,12 +928,14 @@ static void hvfb_get_option(struct fb_info *info)
> (par->synthvid_version == SYNTHVID_VERSION_WIN8 &&
> x * y * screen_depth / 8 > SYNTHVID_FB_SIZE_WIN8)) {
> pr_err("Screen resolution option is out of range: skipped\n");
> - return;
> + goto out;
> }
>
> screen_width = x;
> screen_height = y;
> - return;
> +
> +out:
> + kfree(optbuf);
> }
>
> /*
> --
> 2.39.2
Reviewed-by: Michael Kelley <mikelley@...rosoft.com>
Powered by blists - more mailing lists