fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper()
[ Upstream commit e5017716adb8aa5c01c52386c1b7470101ffe9c5 ] The "index + count" addition can overflow. Both come directly from the user. This bug leads to an information leak. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Cc: Peter Malone <peter.malone@gmail.com> Cc: Philippe Ombredanne <pombredanne@nexb.com> Cc: Mathieu Malaterre <malat@debian.org> Signed-off-by: NBartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> Signed-off-by: NSasha Levin <sashal@kernel.org>
Showing
想要评论请 注册 或 登录