Commit 5de30b28 authored Jun 03, 2020 by Denis Efremov Committed by Greg Kroah-Hartman Jun 24, 2020

tty/vt: check allocation size in con_set_unimap()



The vmemdup_user() function has no 2-factor argument form. Use array_size()
to check for the overflow.

Signed-off-by: Denis Efremov <efremov@linux.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20200603102804.2110817-1-efremov@linux.com


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 5ba12787

drivers/tty/vt/consolemap.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -542,7 +542,7 @@ int con_set_unimap(struct vc_data vc, ushort ct, struct unipair __user list)
		if (!ct)
		return 0;

		unilist = vmemdup_user(list, ct * sizeof(struct unipair));
		unilist = vmemdup_user(list, array_size(sizeof(struct unipair), ct));
		if (IS_ERR(unilist))
		return PTR_ERR(unilist);