Page MenuHomeFreeBSD
Differential D34220

vt: fix splash_cpu logos use of vd_drawrect
ClosedPublic
Actions

Authored by sg2342_googlemail.com on Feb 9 2022, 1:27 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Oct 14, 8:45 AM
Unknown Object (File)
Mon, Oct 13, 3:10 AM
Unknown Object (File)
Sat, Oct 11, 8:59 AM
Unknown Object (File)
Sat, Oct 11, 6:56 AM
Unknown Object (File)
Wed, Oct 8, 9:33 AM
Unknown Object (File)
Thu, Oct 2, 4:27 PM
Unknown Object (File)
Wed, Oct 1, 4:10 AM
Unknown Object (File)
Tue, Sep 30, 11:55 PM
View All Files
Subscribers
imp
lwhsu
Contributor Reviews (src)

Details

Reviewers
imp
emaste
cem
Commits
rG5fed793a5086: vt: fix splash_cpu logos use of vd_drawrect
rG06296f77c5bc: vt: fix splash_cpu logos use of vd_drawrect
Summary

This fixes a memory corruption (author clearly did not intend to write to a non-existing
pixel column).

In the (extremely unlikely) case of vd->vd_height == vt_logo_sprite_height ; the
vd_drawrect code will write outside of frame-buffer memory.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

sg2342_googlemail.com created this revision.Feb 9 2022, 1:27 AM
Herald added subscribers: Contributor Reviews (src), imp. · View Herald TranscriptFeb 9 2022, 1:27 AM
sg2342_googlemail.com requested review of this revision.Feb 9 2022, 1:27 AM
Harbormaster completed remote builds in B44364: Diff 102543.Feb 9 2022, 1:27 AM
lwhsu added a subscriber: lwhsu.Feb 9 2022, 1:32 AM
sg2342_googlemail.com mentioned this in D34221: vt: implement rotation for framebuffer consoles.Feb 9 2022, 1:51 AM
sg2342_googlemail.com added reviewers: imp, emaste.Feb 9 2022, 2:29 AM
emaste added a reviewer: cem.Feb 9 2022, 2:30 AM
cem added inline comments.Feb 9 2022, 2:43 AM
sys/dev/vt/vt_cpulogos.c
138–139

We also want to subtract one from vt_logo_sprite_height as well, right?

But I am a little surprised we don't do any dimension validation in vd_drawrect implementations s.t. we get memory corruption.

sg2342_googlemail.com updated this revision to Diff 102545.Feb 9 2022, 2:47 AM

subtract one from vt_logo_sprite_height as well

Harbormaster completed remote builds in B44366: Diff 102545.Feb 9 2022, 2:47 AM
sg2342_googlemail.com added a comment.Feb 9 2022, 2:50 AM

i was glad that there was no dimension validation in vt_fb_drawrect(), otherwise https://reviews.freebsd.org/D34221 would be more complicated to do.

sg2342_googlemail.com marked an inline comment as done.Feb 9 2022, 2:57 AM
cem accepted this revision.Feb 9 2022, 3:00 AM
In D34220#774261, @sg2342_googlemail.com wrote:

subtract one from vt_logo_sprite_height as well

Thanks.

In D34220#774265, @sg2342_googlemail.com wrote:

i was glad that there was no dimension validation in vt_fb_drawrect(), otherwise https://reviews.freebsd.org/D34221 would be more complicated to do.

I suppose you could validate in setpixel instead.

This revision is now accepted and ready to land.Feb 9 2022, 3:00 AM
emaste added a comment.Feb 9 2022, 3:07 AM

Can you provide author info (for git commit --author)

sg2342_googlemail.com added a comment.Feb 9 2022, 3:12 AM

Author: Stefan Grundmann <sg2342@googlemail.com>

Closed by commit rG06296f77c5bc: vt: fix splash_cpu logos use of vd_drawrect (authored by sg2342_googlemail.com, committed by emaste). · Explain WhyFeb 9 2022, 3:25 AM
This revision was automatically updated to reflect the committed changes.
emaste added a commit: rG06296f77c5bc: vt: fix splash_cpu logos use of vd_drawrect.
vidwer_fbsdbugs_gmail.com mentioned this in D30919: Automagically apply quirks on USB storage devices.Feb 9 2022, 1:33 PM
emaste added a commit: rG5fed793a5086: vt: fix splash_cpu logos use of vd_drawrect.Feb 16 2022, 12:41 AM

Revision Contents
Changeset List

PathSize
sys/
dev/
vt/
4 lines

Diff 102547

View Options

sys/dev/vt/vt_cpulogos.c

Loading...