From: Jiri Slaby <jslaby@suse.cz>
To: gregkh@linuxfoundation.org
Cc: linux-serial@vger.kernel.org, linux-kernel@vger.kernel.org,
Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 10/16] vc_screen: sanitize types in vcs_read
Date: Tue, 18 Aug 2020 10:57:00 +0200 [thread overview]
Message-ID: <20200818085706.12163-10-jslaby@suse.cz> (raw)
In-Reply-To: <20200818085706.12163-1-jslaby@suse.cz>
* pos is derived from the passed ppos, so make it long enough, i.e.
loff_t
* attr and uni_mode are booleans, so...
* size is limited by vcs_size() which returns an int
* read, p, orig_count and this_round are always ">= 0" and "< size",
so uint is enough
* row, col, and max_col are derived from vc->vc_cols (uint) and p, so
make them uint too
* tmp_count is derived from this_round, so make it an uint too.
* use u16 * for org (instead of unsigned short *). No need to initialize
org too.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
drivers/tty/vt/vc_screen.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/drivers/tty/vt/vc_screen.c b/drivers/tty/vt/vc_screen.c
index 36b967825f68..c62c590ed816 100644
--- a/drivers/tty/vt/vc_screen.c
+++ b/drivers/tty/vt/vc_screen.c
@@ -256,12 +256,12 @@ vcs_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
struct inode *inode = file_inode(file);
struct vc_data *vc;
struct vcs_poll_data *poll;
- long pos, read;
- int attr, uni_mode, row, col, maxcol;
- unsigned short *org = NULL;
+ u16 *org;
+ unsigned int read, row, col, maxcol;
ssize_t ret;
char *con_buf;
- bool viewed;
+ loff_t pos;
+ bool viewed, attr, uni_mode;
con_buf = (char *) __get_free_page(GFP_KERNEL);
if (!con_buf)
@@ -295,9 +295,8 @@ vcs_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
ret = 0;
while (count) {
char *con_buf0, *con_buf_start;
- long this_round, size;
- ssize_t orig_count;
- long p = pos;
+ unsigned int this_round, orig_count, p = pos;
+ int size;
/* Check whether we are above size each round,
* as copy_to_user at the end of this loop
@@ -362,7 +361,7 @@ vcs_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
}
} else {
if (p < HEADER_SIZE) {
- size_t tmp_count;
+ unsigned int tmp_count;
/* clamp header values if they don't fit */
con_buf0[0] = min(vc->vc_rows, 0xFFu);
--
2.28.0
next prev parent reply other threads:[~2020-08-18 8:57 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-18 8:56 [PATCH 01/16] vt: make vc_data pointers const in selection.h Jiri Slaby
2020-08-18 8:56 ` [PATCH 02/16] vt: declare xy for get/putconsxy properly Jiri Slaby
2020-08-18 11:43 ` Greg KH
2020-08-19 7:09 ` Jiri Slaby
2020-08-18 8:56 ` [PATCH 03/16] vc: propagate "viewed as bool" from screenpos up Jiri Slaby
2020-08-18 8:56 ` [PATCH 04/16] vc_screen: document and cleanup vcs_vc Jiri Slaby
2020-08-18 8:56 ` [PATCH 05/16] vc_screen: rewrite vcs_size to accept vc, not inode Jiri Slaby
2020-08-18 8:56 ` [PATCH 06/16] vc_screen: sanitize types in vcs_write Jiri Slaby
2020-08-18 8:56 ` [PATCH 07/16] vc_screen: extract vcs_write_buf_noattr Jiri Slaby
2020-08-18 8:56 ` [PATCH 08/16] vc_screen: extract vcs_write_buf Jiri Slaby
2020-08-18 8:56 ` [PATCH 09/16] vc_screen: eliminate ifdefs from vcs_write_buf Jiri Slaby
2020-08-18 8:57 ` Jiri Slaby [this message]
2020-08-18 8:57 ` [PATCH 11/16] vs_screen: kill tmp_count from vcs_read Jiri Slaby
2020-08-18 8:57 ` [PATCH 12/16] vc_screen: extract vcs_read_buf_uni Jiri Slaby
2020-08-18 8:57 ` [PATCH 13/16] vc_screen: extract vcs_read_buf_noattr Jiri Slaby
2020-08-18 8:57 ` [PATCH 14/16] vc_screen: extract vcs_read_buf Jiri Slaby
2020-08-18 8:57 ` [PATCH 15/16] vc_screen: extract vcs_read_buf_header Jiri Slaby
2020-08-25 16:48 ` Peilin Ye
2020-08-25 16:59 ` Greg KH
2020-08-25 17:12 ` Peilin Ye
2020-08-18 8:57 ` [PATCH 16/16] vc_screen: prune macros Jiri Slaby
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200818085706.12163-10-jslaby@suse.cz \
--to=jslaby@suse.cz \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-serial@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).