[src/trunk]: src/sys/dev/fdt Sanity check size vs width x height x depth. Bu...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/dev/fdt Sanity check size vs width x height x depth. Bu...
From: skrll <skrll%NetBSD.org@localhost>
Date: Tue, 02 Mar 2021 10:37:05 +0000

details:   https://anonhg.NetBSD.org/src/rev/bb028885493a
branches:  trunk
changeset: 953248:bb028885493a
user:      skrll <skrll%NetBSD.org@localhost>
date:      Tue Mar 02 07:02:05 2021 +0000

description:
Sanity check size vs width x height x depth.  Buggy firmware exists.

diffstat:

 sys/arch/arm/fdt/arm_simplefb.c |  7 +++++--
 sys/dev/fdt/simplefb.c          |  9 +++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diffs (58 lines):

diff -r 6dd423bf17b1 -r bb028885493a sys/arch/arm/fdt/arm_simplefb.c
--- a/sys/arch/arm/fdt/arm_simplefb.c   Tue Mar 02 06:31:25 2021 +0000
+++ b/sys/arch/arm/fdt/arm_simplefb.c   Tue Mar 02 07:02:05 2021 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: arm_simplefb.c,v 1.8 2021/01/27 03:10:19 thorpej Exp $ */
+/* $NetBSD: arm_simplefb.c,v 1.9 2021/03/02 07:02:05 skrll Exp $ */
 
 /*-
  * Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
 #include "opt_vcons.h"
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: arm_simplefb.c,v 1.8 2021/01/27 03:10:19 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: arm_simplefb.c,v 1.9 2021/03/02 07:02:05 skrll Exp $");
 
 #include <sys/param.h>
 #include <sys/bus.h>
@@ -237,6 +237,9 @@
                return;
        }
 
+       if (size < width * height * depth)
+               return;
+
        if (bus_space_map(bst, addr, size,
            BUS_SPACE_MAP_LINEAR | BUS_SPACE_MAP_PREFETCHABLE, &bsh) != 0)
                return;
diff -r 6dd423bf17b1 -r bb028885493a sys/dev/fdt/simplefb.c
--- a/sys/dev/fdt/simplefb.c    Tue Mar 02 06:31:25 2021 +0000
+++ b/sys/dev/fdt/simplefb.c    Tue Mar 02 07:02:05 2021 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: simplefb.c,v 1.12 2021/01/27 03:10:21 thorpej Exp $ */
+/* $NetBSD: simplefb.c,v 1.13 2021/03/02 07:02:06 skrll Exp $ */
 
 /*-
  * Copyright (c) 2017 Jared McNeill <jmcneill%invisible.ca@localhost>
@@ -29,7 +29,7 @@
 #include "opt_wsdisplay_compat.h"
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: simplefb.c,v 1.12 2021/01/27 03:10:21 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: simplefb.c,v 1.13 2021/03/02 07:02:06 skrll Exp $");
 
 #include <sys/param.h>
 #include <sys/bus.h>
@@ -169,6 +169,11 @@
                return ENXIO;
        }
 
+       if (size < width * height * depth) {
+               aprint_error(": incorrect size\n");
+               return ENXIO;
+       }
+
        /* Device may have been reconfigured. MD code will tell us. */
        if (prop_dictionary_get_uint64(dict, "simplefb-physaddr", &sfb_addr) &&
            sfb_addr != 0) {

Prev by Date: [src/trunk]: src/sys/arch/macppc/conf add gffb
Next by Date: [src/trunk]: src/tests/net/if_wg Bump tentative flag timeout (-w) from 10 to ...
Previous by Thread: [src/trunk]: src/sys/arch/macppc/conf add gffb
Next by Thread: [src/trunk]: src/tests/net/if_wg Bump tentative flag timeout (-w) from 10 to ...
Indexes:

Home | Main Index | Thread Index | Old Index