Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp3483628pxb; Mon, 4 Apr 2022 18:25:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxHIc+x0XVIOL05Cuj3eAXe75GMP2HC5XJSbLzfQdsiksvZR5YJGW2Q6wBeACTsH0sS+BH1 X-Received: by 2002:a63:b20e:0:b0:398:5b28:e54a with SMTP id x14-20020a63b20e000000b003985b28e54amr801440pge.443.1649121955850; Mon, 04 Apr 2022 18:25:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649121955; cv=none; d=google.com; s=arc-20160816; b=e567E4V2V9sz606cgTncEDhIGmF/DN0TlcJbkukYiXn6Gw9kzduAIYTICmLxQU48Vx EHV5EXmMQpl87LSaSmDKxyQdR0L201h8SX7j8Wb9HmVn/tTs/SLTDw5f4TTAD5/2PCmT vH5NVapHsyHftxXksdZkgih7JmzSpSoapf55zwj62doWtD0t3ZuDmDyHdrs5bk0cgyQM CaxgdtO4LnGvQUH9wWzXs5L5XO+N4nlCBejDrB0Ywkry4QDCyW1FgyCSeYNDyeaq8/kT FtS8YvhdXHoslvomfAbw0b8x0EdHfaunyHqHbgyLslJuyJ12v3h04job3Dci2H22VYGP 4k5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=99A9a3hHeLpuMdZogws2agT3Pd/9V9gAGhJHXsYptTw=; b=ldckNfUJf7f6yVInkhCeT1LPP0AZUTVYMoLYJlWhCWyOx2JnvFt2wAPQmL9ahI9qIc EJSDIsBM9ZJWzFXxVJ0ZSnWSOoccjht8gqGevLH6feXWnsCHTgnwkdaubsELtuZPNb6B x1HkYZyVMKush/XKtXNw5ylgTMtHE5BqZvKZuB1qdSERYijn3n/doqmDwMLeX/lH1PUK YBDRSdy2yPlmCckBzpfBC6YDK5ttnn5HiLbv2lru52DibPUFkL2t3E4Tja0XPync/3KS Ezu2HLhWR7KOGwAEZmkPV641dDAfbvDaX+ktlZgxbVxU/UbecBsBMEi1cZRhU6v+R3Xh Sp3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=FEWaJFqH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id w10-20020a170902e88a00b00156b76b7441si2890688plg.426.2022.04.04.18.25.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 18:25:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=FEWaJFqH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id E0D7616068C; Mon, 4 Apr 2022 17:16:06 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344390AbiDDIue (ORCPT + 99 others); Mon, 4 Apr 2022 04:50:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49866 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242301AbiDDItv (ORCPT ); Mon, 4 Apr 2022 04:49:51 -0400 Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 109873B540; Mon, 4 Apr 2022 01:47:56 -0700 (PDT) Received: by mail-pj1-x102e.google.com with SMTP id gt4so2239587pjb.4; Mon, 04 Apr 2022 01:47:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=99A9a3hHeLpuMdZogws2agT3Pd/9V9gAGhJHXsYptTw=; b=FEWaJFqHiORNV4n3ITN4hvIxL/s/r/ujDrwxJkvlaNB8kwZiS7A/KFs0C6nSH9Fjj6 hNV2GTIYaKbOjwploqMSVC3IkiQ05w14dN/RGAB8X+ZUWmFvKEk5sV3bc6Bx758tPqHO U2reaV4WrwQFVFhhL69S6ey2NDHe74btKudCdicMuTYguS0WMfO/xMb5nQ9CIifNSOkA TMPenuoIkkxwusMIeBOg0m7n7IG3XCVpVwQtNJBYiCUz+ujG6hh/6zX8ne+OduhAujW1 MmPUHKNB2dDspHO3g9QYl+owLNVEgfl8hubi9rQ1xusjDFxsx1kIdlwZfP//ZNtzqbKA M9oQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=99A9a3hHeLpuMdZogws2agT3Pd/9V9gAGhJHXsYptTw=; b=e61PPw0t9fu3LPv+vKMQzUD/zjz0UXoB4wE4Blzk9nHQ66C5g7SLrv8whpyYuG12QO 1fv0SJJRjRL8SKmkyrtbZFUXkMM69L28tvTizptGieWOPCP0ZiYtPcnzjutZ2itbdYWt xiv670I6BKbRAjHhJrNJ23VAOycJSB3pNoNWXEAoUSJmEAoLptYlqeSFfW9upLj0HxLt TWtOEbLfpITkErbYHooLFrSAWyPYMjq6OjmpwasIZeCUHxZul5w7i190ZEUr/hr351j3 MLsdRpo3BzG47FYZdRcLJlPVQELVQEY7RcM+hIQd+5ABCtzd9L5XYQh5EfEseLTyxt2Q M6tA== X-Gm-Message-State: AOAM532pGMOuqokwsDgdpPgpEOxUqOC+2/A9t6H0Guvp8Jzk7nQ+BI1L uV+C2VEmppdQrSe1sMECQQ== X-Received: by 2002:a17:90a:7288:b0:1ca:6e77:84a0 with SMTP id e8-20020a17090a728800b001ca6e7784a0mr9647359pjg.60.1649062075558; Mon, 04 Apr 2022 01:47:55 -0700 (PDT) Received: from localhost.localdomain ([144.202.91.207]) by smtp.gmail.com with ESMTPSA id u6-20020a17090a3fc600b001ca88b0bdfesm3991960pjm.13.2022.04.04.01.47.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 01:47:55 -0700 (PDT) From: Zheyu Ma To: deller@gmx.de Cc: linux-fbdev@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Zheyu Ma Subject: [PATCH 4/7] video: fbdev: vt8623fb: Error out if 'pixclock' equals zero Date: Mon, 4 Apr 2022 16:47:20 +0800 Message-Id: <20220404084723.79089-5-zheyuma97@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220404084723.79089-1-zheyuma97@gmail.com> References: <20220404084723.79089-1-zheyuma97@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of 'pixclock', it may cause divide error. Fix this by checking whether 'pixclock' is zero in the function vt8623fb_check_var(). The following log reveals it: [ 47.778727] divide error: 0000 [#1] PREEMPT SMP KASAN PTI [ 47.778803] RIP: 0010:vt8623fb_set_par+0xecd/0x2210 [ 47.778870] Call Trace: [ 47.778872] [ 47.778909] fb_set_var+0x604/0xeb0 [ 47.778995] do_fb_ioctl+0x234/0x670 [ 47.779041] fb_ioctl+0xdd/0x130 [ 47.779048] do_syscall_64+0x3b/0x90 Signed-off-by: Zheyu Ma --- drivers/video/fbdev/vt8623fb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/video/fbdev/vt8623fb.c b/drivers/video/fbdev/vt8623fb.c index 7a959e5ba90b..a92a8c670cf0 100644 --- a/drivers/video/fbdev/vt8623fb.c +++ b/drivers/video/fbdev/vt8623fb.c @@ -321,6 +321,9 @@ static int vt8623fb_check_var(struct fb_var_screeninfo *var, struct fb_info *inf { int rv, mem, step; + if (!var->pixclock) + return -EINVAL; + /* Find appropriate format */ rv = svga_match_format (vt8623fb_formats, var, NULL); if (rv < 0) -- 2.25.1