| commit | 414edcd32aa54bad8827e7c74cace168006c5fab | |
| author | Antonino A. Daplas <adaplas@gmail.com> | |
| Tue, 6 Sep 2005 22:17:52 +0000 (6 15:17 -0700) | ||
| committer | Linus Torvalds <torvalds@g5.osdl.org> | |
| Wed, 7 Sep 2005 23:57:36 +0000 (7 16:57 -0700) | ||
| tree | 4c4861b54b2c1529c4677e6d31bb6027568aaa1a | treesnapshot (tar.gz zip) |
| parent | eed74dfcd48101d259012ac08d29061eea500249 | commitdiff |
[PATCH] vt: fix possible memory corruption in complement_pos
Based on a patch from Andr Pereira de Almeida <andre@cachola.com.br>
It might be possible for the saved pointer (*p) to become invalid in
between vc_resizes, so saving the screen offset instead of the screen
pointer is saner.
This bug is very hard to trigger though, but Andre probably did, if he's
submitting this patch. Anyway, with Andre's patch, it's still possible for
the offsets to be still illegal, if the new screen size is smaller than the
old one. So I've also added checks if the offsets are still within the
screenbuffer size.
Signed-off-by: Antonino Daplas <adaplas@pol.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Based on a patch from Andr Pereira de Almeida <andre@cachola.com.br>
It might be possible for the saved pointer (*p) to become invalid in
between vc_resizes, so saving the screen offset instead of the screen
pointer is saner.
This bug is very hard to trigger though, but Andre probably did, if he's
submitting this patch. Anyway, with Andre's patch, it's still possible for
the offsets to be still illegal, if the new screen size is smaller than the
old one. So I've also added checks if the offsets are still within the
screenbuffer size.
Signed-off-by: Antonino Daplas <adaplas@pol.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| drivers/char/vt.c | diffblobblamehistory |