lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 18 Mar 2024 08:11:48 +0000
From: Roman Smirnov <r.smirnov@....ru>
To: Helge Deller <deller@....de>, Daniel Vetter <daniel@...ll.ch>
CC: Thomas Zimmermann <tzimmermann@...e.de>, Sergey Shtylyov
	<s.shtylyov@....ru>, Karina Yankevich <k.yankevich@....ru>,
	"linux-fbdev@...r.kernel.org" <linux-fbdev@...r.kernel.org>,
	"dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"lvc-project@...uxtesting.org" <lvc-project@...uxtesting.org>
Subject: Re: [PATCH v2] fbmon: prevent division by zero in
 fb_videomode_from_videomode()

On Fri, 15 Mar 2024 09:44:08 +0100 Helge Deller wrote:
> On 3/5/24 14:51, Roman Smirnov wrote:
> > The expression htotal * vtotal can have a zero value on
> > overflow.
> 
> I'm not sure if thos always results in zero in kernel on overflow.
> Might be architecture-depended too, but let's assume it
> can become zero, ....
> 
> > It is necessary to prevent division by zero like in
> > fb_var_to_videomode().
> >
> > Found by Linux Verification Center (linuxtesting.org) with Svace.
> >
> > Signed-off-by: Roman Smirnov <r.smirnov@....ru>
> > Reviewed-by: Sergey Shtylyov <s.shtylyov@....ru>
> > ---
> >   V1 -> V2: Replaced the code of the first version with a check.
> >
> >   drivers/video/fbdev/core/fbmon.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
> > index 79e5bfbdd34c..b137590386da 100644
> > --- a/drivers/video/fbdev/core/fbmon.c
> > +++ b/drivers/video/fbdev/core/fbmon.c
> > @@ -1344,7 +1344,7 @@ int fb_videomode_from_videomode(const struct videomode *vm,
> >        vtotal = vm->vactive + vm->vfront_porch + vm->vback_porch +
> >                 vm->vsync_len;
> >        /* prevent division by zero */
> > -     if (htotal && vtotal) {
> > +     if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal)) {
> 
> why don't you then simply check for
>         if .. ((htotal * vtotal) == 0) ...
> instead?
> 
> Helge

Thomas Zimmermann from the previous discussion said:

On Tue, 5 Mar 2024 11:18:05 +0100 Thomas Zimmerman wrote:
> Maybe use
>
>    if (htotal && vtotal && (vm->pixelclock / htotal >= vtotal))
>
> for the test. That rules out overflowing multiplication and sets
> refresh to 0 in such cases.

This prevents overflow, which is also a problematic case.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ