e5017716adb8aa5c01c52386c1b7470101ffe9c5 - kernel/msm-5.4

commit	e5017716adb8aa5c01c52386c1b7470101ffe9c5	[log] [tgz]
author	Dan Carpenter <dan.carpenter@oracle.com>	Mon Oct 08 12:57:36 2018 +0200
committer	Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>	Mon Oct 08 12:57:36 2018 +0200
tree	9fe13b9419608329515b18beee4a922fab4d68fa
parent	d8bad911e5e55e228d59c0606ff7e6b8131ca7bf [diff]

fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper()

The "index + count" addition can overflow.  Both come directly from the
user.  This bug leads to an information leak.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Peter Malone <peter.malone@gmail.com>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Mathieu Malaterre <malat@debian.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

drivers/video/fbdev/sbuslib.c[diff]

1 file changed

tree: 9fe13b9419608329515b18beee4a922fab4d68fa