Re: [PATCH] vgacon: Fix a UAF in vgacon_invert_region
From: Ville Syrjälä <hidden>
Date: 2020-03-03 14:46:55
Also in:
dri-devel
On Tue, Mar 03, 2020 at 10:30:14PM +0800, zhangxiaoxu (A) wrote:
> On 2020/3/3 21:59, Ville Syrjälä wrote:
> > That doesn't match how vc_screenbuf_size is computed elsewhere. Also a lot of places seem to assume that the screenbuf can be larger than vga_vram_size (eg. all the memcpy()s pick the smaller size of the two).
>
> Yes, in the vga source code, we also pick the smaller size of the two. But in other places, e.g. vc_do_resize, copying the old_origin to new_origin, we do not do that. It also makes a bad access happen. It may be CVE-2020-8647. I think we should just assume the width/height may be larger than the default, not the screenbuf larger than vga_vram_size. If not, is there any use for the larger screenbuf?

Maybe used for scrolling?

> > And you're changing the behaviour of the code when 'width % 2 && user' is true
-- 
Ville Syrjälä
Intel