From 42d72084d597fc8990b8ac31b65906fd1422b61d Mon Sep 17 00:00:00 2001
From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Date: Mon, 15 Jun 2020 18:15:42 -0500
Subject: fbcon: Use array3_size() helper in scr_memcpyw()
Git-commit: fcf918b966622c276749503ef9872419265af6a4
Patch-mainline: v5.9-rc1
References: jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322
Use array3_size() helper instead of the open-coded version in scr_memcpyw()
and scr_memsetw(). These sorts of multiplication factors need to be wrapped
in array3_size().
This issue was found with the help of Coccinelle and, audited and fixed
manually.
Addresses-KSPP-ID: https://github.com/KSPP/linux/issues/83
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200615231542.GA20470@embeddedor
Signed-off-by: Patrik Jakobsson <pjakobsson@suse.de>
---
drivers/video/fbdev/core/fbcon.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index e2a490c5ae08..af9f5ab96f74 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -639,7 +639,7 @@ static void fbcon_prepare_logo(struct vc_data *vc, struct fb_info *info,
GFP_KERNEL);
if (save) {
int i = cols < new_cols ? cols : new_cols;
- scr_memsetw(save, erase, logo_lines * new_cols * 2);
+ scr_memsetw(save, erase, array3_size(logo_lines, new_cols, 2));
r = q - step;
for (cnt = 0; cnt < logo_lines; cnt++, r += i)
scr_memcpyw(save + cnt * new_cols, r, 2 * i);
@@ -676,7 +676,7 @@ static void fbcon_prepare_logo(struct vc_data *vc, struct fb_info *info,
q = (unsigned short *) (vc->vc_origin +
vc->vc_size_row *
rows);
- scr_memcpyw(q, save, logo_lines * new_cols * 2);
+ scr_memcpyw(q, save, array3_size(logo_lines, new_cols, 2));
vc->vc_y += logo_lines;
vc->vc_pos += logo_lines * vc->vc_size_row;
kfree(save);
--
2.29.2