From patchwork Sun Nov 21 17:40:01 2010
X-Patchwork-Submitter: Vasiliy Kulikov
X-Patchwork-Id: 345901
From: Vasiliy Kulikov
To: kernel-janitors@vger.kernel.org
Cc: Jaya Kumar , linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] video: arcfb: fix buffer overflow
Date: Sun, 21 Nov 2010 20:40:01 +0300
Message-Id: <1290361202-15065-1-git-send-email-segoon@openwall.com>

diff --git a/drivers/video/arcfb.c b/drivers/video/arcfb.c index 3ec4923..67a4cd4 100644 --- a/drivers/video/arcfb.c +++ b/drivers/video/arcfb.c @@ -454,7 +454,7 @@ static ssize_t arcfb_write(struct fb_info *info, const char __user *buf, xres = info->var.xres; fbmemlength = (xres * info->var.yres)/8; - if (p > fbmemlength) + if (p > fbmemlength || (p + count < p)) return -ENOSPC; err = 0;
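
Review bot: the new test `(p + count < p)` in arcfb_write() detects wraparound only if both p and count are unsigned, and neither declaration is visible in this hunk. Please confirm the types, because with a signed operand the overflow is undefined and the compiler may drop the test. Since `p > fbmemlength` is rejected in the same condition, a length bound written as `count > fbmemlength - p` cannot wrap and would make the separate overflow test unnecessary. The parentheses around the second operand are redundant. A sentence in the changelog naming the computation that a wrapped `p + count` would otherwise get past would also help reviewers judge the fix.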