On 1/18/24 07:24, Fullway Wang wrote:
> The userspace program could pass any values to the driver through
> ioctl() interface. If the driver doesn't check the value of pixclock,
> it may cause divide-by-zero error.
>
> In sisfb_check_var(), var->pixclock is used as a divisor to caculate
> drate before it is checked against zero. Fix this by checking it
> at the beginning.
>
> This is similar to CVE-2022-3061 in i740fb which was fixed by
> commit 15cf0b8.
>
> Signed-off-by: Fullway Wang <[email protected]>
> ---
> drivers/video/fbdev/sis/sis_main.c | 2 ++
> 1 file changed, 2 insertions(+)
I've applied this patch and your savage patch to fbdev git tree.
Thanks!
Helge