Re: [PATCH v2] vt: Reject zero-sized screen buffer size.

From: Tetsuo Handa
Date: Mon Jul 20 2020 - 19:00:49 EST


On 2020/07/21 0:40, Brooke Basile wrote:
> Looks like this patch also fixes this bug reported by syzbot:
> https://syzkaller.appspot.com/bug?id=dc5c6b1ae4952a5d72d0e82de0eeeb9e5f767efc
>
> There are a lot of other bugs that were reported by syzbot that also touch this code, so I just wanted to give a heads up in case you weren't already aware of them. It seems like this patch could be a fix for all of them.
>
> Here are the links to those other bugs:
> https://syzkaller.appspot.com/bug?id=3e2ad4922b18026c1579f50900747401842acdff
> https://syzkaller.appspot.com/bug?id=7329638ab83b70fc8fab07e14c4b2fcdc73af21d
> https://syzkaller.appspot.com/bug?id=01703eb07363bd1f9757bc4a54994455fc9db9dc
> https://syzkaller.appspot.com/bug?id=7a04be77a06aae337077e00f0ecdb2239dfc2fc3
> https://syzkaller.appspot.com/bug?id=ff1543b5ade351b9d6c4ef51c805d89422a8271d
>

Indeed they all access around UINT_MAX address. Marked as dup. Thank you.