[SRU OEM-5.14 PATCH 1/3] fbcon: Disallow setting font bigger than screen size

Fri Aug 5 10:09:44 UTC 2022

From: Helge Deller <deller at gmx.de>

Prevent that users set a font size which is bigger than the physical screen.
It's unlikely this may happen (because screens are usually much larger than the
fonts and each font char is limited to 32x32 pixels), but it may happen on
smaller screens/LCD displays.

Signed-off-by: Helge Deller <deller at gmx.de>
Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>
Reviewed-by: Geert Uytterhoeven <geert at linux-m68k.org>
Cc: stable at vger.kernel.org # v4.14+
CVE-2021-33655
(cherry picked from commit 65a01e601dbba8b7a51a2677811f70f783766682)
Signed-off-by: Cengiz Can <cengiz.can at canonical.com>
---
 drivers/video/fbdev/core/fbcon.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index a25b63b56223f..0710c5ec1014f 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -2480,6 +2480,11 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font,
 	if (charcount != 256 && charcount != 512)
 		return -EINVAL;
 
+	/* font bigger than screen resolution ? */
+	if (w > FBCON_SWAP(info->var.rotate, info->var.xres, info->var.yres) ||
+	    h > FBCON_SWAP(info->var.rotate, info->var.yres, info->var.xres))
+		return -EINVAL;
+
 	/* Make sure drawing engine can handle the font */
 	if (!(info->pixmap.blit_x & (1 << (font->width - 1))) ||
 	    !(info->pixmap.blit_y & (1 << (font->height - 1))))
-- 
2.34.1


