[PATCH 3.12 022/127] vt: clear selection before resizing
From: Jiri Slaby
Date: Fri Nov 25 2016 - 04:05:12 EST
From: Scot Doyle <lkml14@xxxxxxxxxxxxx>
3.12-stable review patch. If anyone has any objections, please let me know.
===============
commit 009e39ae44f4191188aeb6dfbf661b771dbbe515 upstream.
When resizing a vt its selection may exceed the new size, resulting in
an invalid memory access [1]. Clear the selection before resizing.
[1] http://lkml.kernel.org/r/CACT4Y+acDTwy4umEvf5ROBGiRJNrxHN4Cn5szCXE5Jw-d1B=Xw@xxxxxxxxxxxxxx
Reported-and-tested-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Signed-off-by: Scot Doyle <lkml14@xxxxxxxxxxxxx>
Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
---
drivers/tty/vt/vt.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 19aba5091408..d52e653076f4 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -867,6 +867,9 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc,
if (!newscreen)
return -ENOMEM;
+ if (vc == sel_cons)
+ clear_selection();
+
old_rows = vc->vc_rows;
old_row_size = vc->vc_size_row;
--
2.10.2