fbdev: savage: Error out if pixclock equals zero
stable inclusion from stable-v4.19.308 commit 224453de8505aede1890f007be973925a3edf6a1 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9E2Y8 CVE: CVE-2024-26778 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=224453de8505aede1890f007be973925a3edf6a1 -------------------------------- [ Upstream commit 04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288 ] The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although pixclock is checked in savagefb_decode_var(), but it is not checked properly in savagefb_probe(). Fix this by checking whether pixclock is zero in the function savagefb_check_var() before info->var.pixclock is used as the divisor. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b82. Signed-off-by:Fullway Wang <fullwaywang@outlook.com> Signed-off-by:
Loading
Please sign in to comment