vcsa: clamp header values when they don't fit

The /dev/vcsa* devices have a fixed char-sized header that stores the
screen geometry and cursor location. Let's make sure it doesn't contain
random garbage when those values exceed 255. If ever it becomes necessary
to convey larger screen info to user space then a larger header in the
not-yet-implemented /dev/vcsua* devices should be considered.

Signed-off-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/tty/vt/vc_screen.c b/drivers/tty/vt/vc_screen.c
index 2384ea85ffafed31c9450481125dc7740a4b387c..3dba60825c08055b439e566f26f28d4e0d396255 100644 (file)
--- a/drivers/tty/vt/vc_screen.c
+++ b/drivers/tty/vt/vc_screen.c
@@ -335,8 +335,9 @@ vcs_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
                        if (p < HEADER_SIZE) {
                                size_t tmp_count;
 
-                               con_buf0[0] = (char)vc->vc_rows;
-                               con_buf0[1] = (char)vc->vc_cols;
+                               /* clamp header values if they don't fit */
+                               con_buf0[0] = min(vc->vc_rows, 0xFFu);
+                               con_buf0[1] = min(vc->vc_cols, 0xFFu);
                                getconsxy(vc, con_buf0 + 2);
 
                                con_buf_start += p;

diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 41ec8e5010f30a544b82ca439cc5a481fe499b19..7cfa1996331644205a14c742dfca83514a769baa 100644 (file)
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -4607,8 +4607,9 @@ EXPORT_SYMBOL_GPL(screen_pos);
 
 void getconsxy(struct vc_data *vc, unsigned char *p)
 {
-       p[0] = vc->vc_x;
-       p[1] = vc->vc_y;
+       /* clamp values if they don't fit */
+       p[0] = min(vc->vc_x, 0xFFu);
+       p[1] = min(vc->vc_y, 0xFFu);
 }
 
 void putconsxy(struct vc_data *vc, unsigned char *p)