Message-Id: <20240313112518.2030805-1-korotkov.maxim.s@gmail.com>
Date: Wed, 13 Mar 2024 14:25:18 +0300
From: Maxim Korotkov <korotkov.maxim.s@...il.com>
To: Gerd Hoffmann <kraxel@...hat.com>
Cc: Maxim Korotkov <korotkov.maxim.s@...il.com>,
	Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
	Maxime Ripard <mripard@...nel.org>,
	Thomas Zimmermann <tzimmermann@...e.de>,
	David Airlie <airlied@...il.com>,
	Daniel Vetter <daniel@...ll.ch>,
	virtualization@...ts.linux.dev,
	dri-devel@...ts.freedesktop.org,
	linux-kernel@...r.kernel.org,
	Maxim Korotkov <m.korotkov@...uritycode.ru>
Subject: [PATCH] drm/bochs: avoided potential integer overflow

If the bochs_dispi_read() function returns a value between
0x8000 and 0xFFFF, then an overflow may occur.

Found by Security Code and Linux Verification Center (linuxtesting.org)

Signed-off-by: Maxim Korotkov <m.korotkov@...uritycode.ru>
---
 drivers/gpu/drm/tiny/bochs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/tiny/bochs.c b/drivers/gpu/drm/tiny/bochs.c
index c23c9f0cf49c..ad31049f9779 100644
--- a/drivers/gpu/drm/tiny/bochs.c
+++ b/drivers/gpu/drm/tiny/bochs.c
@@ -240,7 +240,7 @@ static int bochs_hw_init(struct drm_device *dev)
 
 	id = bochs_dispi_read(bochs, VBE_DISPI_INDEX_ID);
 	mem = bochs_dispi_read(bochs, VBE_DISPI_INDEX_VIDEO_MEMORY_64K)
-		* 64 * 1024;
+		* mul_u32_u32(64, 1024);
 	if ((id & 0xfff0) != VBE_DISPI_ID0) {
 		DRM_ERROR("ID mismatch\n");
 		return -ENODEV;
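
Review bot: On the added line `* mul_u32_u32(64, 1024);`, the helper is used only to turn the constant 65536 into a 64-bit value, which hides the intent: a reader has to know that mul_u32_u32() returns u64 to see that the whole product is now computed in 64 bits. Widening the operand that actually varies would say this directly, for example by casting the bochs_dispi_read() result to an unsigned 64-bit type before `* 64 * 1024`, or by making the constant unsigned, as in `* 64UL * 1024`. The declaration of `mem` is outside this hunk, so please confirm that it is unsigned and wide enough for the largest product (0xFFFF * 65536); otherwise the widened result is narrowed again on assignment. The commit message would also be easier to review if it named the type in which the old expression overflowed.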
-- 
2.34.1

