projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ecdd7df) | patch
fbdev: fix potential buffer overflow in do_register_framebuffer()
authorYongzhen Zhang <zhangyongzhen@kylinos.cn>
Tue, 1 Jul 2025 09:07:04 +0000 (17:07 +0800)
committerHelge Deller <deller@gmx.de>
Sun, 27 Jul 2025 17:56:51 +0000 (19:56 +0200)
commit523b84dc7ccea9c4d79126d6ed1cf9033cf83b05
treecd4cba59beb6f7c3e3ce479535b60ab26ff87e81tree
parentecdd7df997fd992f0ec70b788e3b12258008a2bfcommit | diff
fbdev: fix potential buffer overflow in do_register_framebuffer()

The current implementation may lead to buffer overflow when:
1.  Unregistration creates NULL gaps in registered_fb[]
2.  All array slots become occupied despite num_registered_fb < FB_MAX
3.  The registration loop exceeds array bounds

Add boundary check to prevent registered_fb[FB_MAX] access.

Signed-off-by: Yongzhen Zhang <zhangyongzhen@kylinos.cn>
Signed-off-by: Helge Deller <deller@gmx.de>
drivers/video/fbdev/core/fbmem.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)