diff options
author | Wolfgang Kroworsch <wolfgang@kroworsch.de> | 2008-11-06 12:53:16 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-11-06 15:41:17 -0800 |
commit | a564738c1c9c7b9ed696bf4116267789201ac8ac (patch) | |
tree | e5bd2ee7c28e2831bea5c1727452978c76c1c108 /drivers/char/vt.c | |
parent | 2197d18ded232ef6eef63cce57b6b21eddf1b7b6 (diff) | |
download | op-kernel-dev-a564738c1c9c7b9ed696bf4116267789201ac8ac.zip op-kernel-dev-a564738c1c9c7b9ed696bf4116267789201ac8ac.tar.gz |
vt: incomplete initialization of vc_tab_stop
Problem 1 (see patch below):
vc_tab_stop is declared as an array of 8 unsigned ints in struct
vc_data in include/linux/console_struct.h .
In drivers/char/vt.c only 5 of these 8 unsigned ints get initialized
leading to unintended tabulator placement on displays with more than
160 columns text.
Problem 2 (open):
Upcoming displays will have more than 256 columns of text leading to
invalid memory access in drivers/char/vt.c during tabulator
calculations:
if (vc->vc_tab_stop[vc->vc_x >> 5] & (1 << (vc->vc_x & 31)))
break;
Signed-off-by: Wolfgang Kroworsch <wolfgang@kroworsch.de>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers/char/vt.c')
-rw-r--r-- | drivers/char/vt.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/drivers/char/vt.c b/drivers/char/vt.c index d8f83e2..a5af607 100644 --- a/drivers/char/vt.c +++ b/drivers/char/vt.c @@ -1644,7 +1644,10 @@ static void reset_terminal(struct vc_data *vc, int do_clear) vc->vc_tab_stop[1] = vc->vc_tab_stop[2] = vc->vc_tab_stop[3] = - vc->vc_tab_stop[4] = 0x01010101; + vc->vc_tab_stop[4] = + vc->vc_tab_stop[5] = + vc->vc_tab_stop[6] = + vc->vc_tab_stop[7] = 0x01010101; vc->vc_bell_pitch = DEFAULT_BELL_PITCH; vc->vc_bell_duration = DEFAULT_BELL_DURATION; @@ -1935,7 +1938,10 @@ static void do_con_trol(struct tty_struct *tty, struct vc_data *vc, int c) vc->vc_tab_stop[1] = vc->vc_tab_stop[2] = vc->vc_tab_stop[3] = - vc->vc_tab_stop[4] = 0; + vc->vc_tab_stop[4] = + vc->vc_tab_stop[5] = + vc->vc_tab_stop[6] = + vc->vc_tab_stop[7] = 0; } return; case 'm': |