DivestOS/Patches/Linux_CVEs/CVE-2014-9781/ANY/0.patch
2017-10-29 22:14:37 -04:00


From a2b5237ad265ec634489c8b296d870827b2a1b13 Mon Sep 17 00:00:00 2001
From: Shalabh Jain <shalabhj@codeaurora.org>
Date: Tue, 12 Nov 2013 15:10:44 -0800
Subject: fbcmap: prevent memory overflow
Add bounds check before copying data to prevent
buffer overflow.
Change-Id: I47b9685b1ab13c4863fb6db62bbb9497a00b36da
Signed-off-by: Shalabh Jain <shalabhj@codeaurora.org>
---
drivers/video/fbcmap.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbcmap.c b/drivers/video/fbcmap.c
index 31e93a5..f26570d 100644
--- a/drivers/video/fbcmap.c
+++ b/drivers/video/fbcmap.c
@@ -203,11 +203,13 @@ int fb_cmap_to_user(const struct fb_cmap *from, struct fb_cmap_user *to)
fromoff = to->start - from->start;
else
tooff = from->start - to->start;
+ if ((to->len <= tooff) || (from->len <= fromoff))
+ return -EINVAL;
+
size = to->len - tooff;
+
if (size > (int) (from->len - fromoff))
size = from->len - fromoff;
- if (size <= 0)
- return -EINVAL;
size *= sizeof(u16);
if (from->red && to->red)
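Review bot: Dropping the `if (size <= 0) return -EINVAL;` guard after the clamp leaves a negative `size` unrejected, because `size` is still a signed `int` while the `(int)` cast in the clamp suggests the `len` fields are unsigned (their declarations are not in the hunk). If that holds, a caller-supplied `to->len` above INT_MAX passes the new `to->len <= tooff` test and makes `size = to->len - tooff` negative. The clamp then does not fire for an ordinary positive `from->len - fromoff`, so the value reaches `size *= sizeof(u16)` and the copies that follow outside the hunk as a very large length. Keeping the removed guard after the clamp, `if (size <= 0)` / `return -EINVAL;`, alongside the new range check closes that case; declaring the offsets `unsigned int` and `size` as `size_t` would be the cleaner form. The body of fb_cmap_to_user starts and ends outside this hunk.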
--
cgit v1.1