Skip to content
Commit e5017716 authored by Dan Carpenter's avatar Dan Carpenter Committed by Bartlomiej Zolnierkiewicz
Browse files

fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper()



The "index + count" addition can overflow.  Both come directly from the
user.  This bug leads to an information leak.

Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Cc: Peter Malone <peter.malone@gmail.com>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Mathieu Malaterre <malat@debian.org>
Signed-off-by: default avatarBartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
parent d8bad911
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment