Commit cbe740de authored by Yongzhen Zhang's avatar Yongzhen Zhang Committed by Greg Kroah-Hartman
Browse files

fbdev: fix potential buffer overflow in do_register_framebuffer() 



[ Upstream commit 523b84dc ]

The current implementation may lead to buffer overflow when:
1.  Unregistration creates NULL gaps in registered_fb[]
2.  All array slots become occupied despite num_registered_fb < FB_MAX
3.  The registration loop exceeds array bounds

Add boundary check to prevent registered_fb[FB_MAX] access.

Signed-off-by: default avatarYongzhen Zhang <zhangyongzhen@kylinos.cn>
Signed-off-by: default avatarHelge Deller <deller@gmx.de>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 6daa13c2
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment