From: Helge Deller Date: Sat, 25 Jun 2022 10:56:49 +0000 (+0200) Subject: [3/4] fbcon: Disallow setting font bigger than screen size X-Git-Tag: archive/raspbian/5.10.127-2+rpi1^2~16 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks:///%22http:/www.example.com/cgi/%22https:/%22bookmarks:/?a=commitdiff_plain;h=e84c23d737aaa61ab31bd16a12e76c6501021367;p=linux.git [3/4] fbcon: Disallow setting font bigger than screen size Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?id=b727561ddc9360de9631af2d970d8ffed676a750 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-33655 commit 65a01e601dbba8b7a51a2677811f70f783766682 upstream. Prevent that users set a font size which is bigger than the physical screen. It's unlikely this may happen (because screens are usually much larger than the fonts and each font char is limited to 32x32 pixels), but it may happen on smaller screens/LCD displays. Signed-off-by: Helge Deller Reviewed-by: Daniel Vetter Reviewed-by: Geert Uytterhoeven Cc: stable@vger.kernel.org # v4.14+ Signed-off-by: Greg Kroah-Hartman Gbp-Pq: Topic bugfix/all Gbp-Pq: Name fbcon-disallow-setting-font-bigger-than-screen-size.patch --- diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c index 13de2bebb09..5bf68050a26 100644 --- a/drivers/video/fbdev/core/fbcon.c +++ b/drivers/video/fbdev/core/fbcon.c @@ -2510,6 +2510,11 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font, if (charcount != 256 && charcount != 512) return -EINVAL; + /* font bigger than screen resolution ? */ + if (w > FBCON_SWAP(info->var.rotate, info->var.xres, info->var.yres) || + h > FBCON_SWAP(info->var.rotate, info->var.yres, info->var.xres)) + return -EINVAL; + /* Make sure drawing engine can handle the font */ if (!(info->pixmap.blit_x & (1 << (font->width - 1))) || !(info->pixmap.blit_y & (1 << (font->height - 1))))