Re: [PATCH] fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.

15 Jul 2020

      On 2020/07/15 2:15, George Kennedy wrote:
...
Can you try the a.out built from the original Syzkaller modified repro C program? It walks 0-7 through xres and yres of the fb_var_screeninfo struct.
I'm not familiar with exploit code. What do you want to explain via this program?
...
struct fb_var_screeninfo *varp = (struct fb_var_screeninfo *)0x200001c0;
  struct fb_var_screeninfo *starting_varp = malloc(sizeof(struct fb_var_screeninfo *));
...
memcpy(starting_varp, varp, sizeof(struct fb_var_screeninfo));

...
        memcpy(varp, starting_varp, sizeof(struct fb_var_screeninfo));

At least, I suspect there is a memory corruption bug in this program
because of malloc()ing only sizeof(struct fb_var_screeninfo *) bytes.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Re: [PATCH] fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.