Re: [PATCH v3] vt: Reject zero-sized screen buffer size.

2020-08-19 Thread Kees Cook
On Sun, Jul 12, 2020 at 08:10:12PM +0900, Tetsuo Handa wrote: > [...] > @@ -1125,6 +1134,11 @@ int vc_allocate(unsigned int currcons) /* return 0 on > success */ > if (!*vc->vc_uni_pagedir_loc) > con_set_default_unimap(vc); > > + err = -EINVAL; > + if (vc->vc_cols > V
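Review bot: in vc_allocate(), the added `err = -EINVAL;` and size check come after `con_set_default_unimap(vc)`, so a rejected size has to undo what was set up before this point rather than return directly. The quoted hunk is cut off at `if (vc->vc_cols > V`, so the branch body cannot be checked from here; it is worth confirming that it releases the earlier setup before returning. The hunk header still carries the comment `/* return 0 on success */`, and it would help to note there that -EINVAL is now returned for a rejected screen size.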

[PATCH v3] vt: Reject zero-sized screen buffer size.

2020-07-12 Thread Tetsuo Handa
syzbot is reporting general protection fault in do_con_write() [1] caused by vc->vc_screenbuf == ZERO_SIZE_PTR caused by vc->vc_screenbuf_size == 0 caused by vc->vc_cols == vc->vc_rows == vc->vc_size_row == 0 caused by fb_set_var() from ioctl(FBIOPUT_VSCREENINFO) on /dev/fb0, for gotoxy(vc, 0, 0)