aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorFlorian Tobias Schandinat <FlorianSchandinat@gmx.de>2009-09-22 19:47:41 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2009-09-23 10:39:56 -0400
commit99e9e7d62becd6c7413a9e8fbda7f5b66adb5cbf (patch)
tree63ffee25ae6f56a41ff227aea44556a2d16ee907 /drivers
parentff8147fe71246b81a48de5f37041b026b57d60ca (diff)
fb: fix fb_pan_display range check
Fix the range check for panning. The current code fails to detect some invalid values (very high ones that can occur if an app tries to move further up/left than 0,0) as the check uses the unknown values for calculation so that an overflow can occur. To fix this it is sufficient to move the calculation to the right side to use only trusted values. Kai Jiang detected this problem and proposed an initial patch. Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de> Cc: Kai Jiang <b18973@freescale.com> Cc: Krzysztof Helt <krzysztof.h1@poczta.fm> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/video/fbmem.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
index a85c818be945..346f257215a7 100644
--- a/drivers/video/fbmem.c
+++ b/drivers/video/fbmem.c
@@ -871,8 +871,8 @@ fb_pan_display(struct fb_info *info, struct fb_var_screeninfo *var)
871 err = -EINVAL; 871 err = -EINVAL;
872 872
873 if (err || !info->fbops->fb_pan_display || 873 if (err || !info->fbops->fb_pan_display ||
874 var->yoffset + yres > info->var.yres_virtual || 874 var->yoffset > info->var.yres_virtual - yres ||
875 var->xoffset + info->var.xres > info->var.xres_virtual) 875 var->xoffset > info->var.xres_virtual - info->var.xres)
876 return -EINVAL; 876 return -EINVAL;
877 877
878 if ((err = info->fbops->fb_pan_display(var, info))) 878 if ((err = info->fbops->fb_pan_display(var, info)))