From 8fe6a00d66a0597e36976f636eb463dcd279ae3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gwenol=C3=A9=20Beauchesne?= Date: Wed, 29 Oct 2003 09:50:37 +0000 Subject: Sanity check in KERNEL_BOOT_INFO mode: don't read past a page from vbe_info->mode_list. --- tools/ddcprobe/ddcxinfos.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/tools/ddcprobe/ddcxinfos.c b/tools/ddcprobe/ddcxinfos.c index 04ab260cf..c13d803c4 100644 --- a/tools/ddcprobe/ddcxinfos.c +++ b/tools/ddcprobe/ddcxinfos.c @@ -15,13 +15,12 @@ int main(void) { int i, j; - u_int16_t *mode_list; + u_int16_t *mode_list, *mode_list_end; unsigned char hmin, hmax, vmin, vmax; struct vbe_info *vbe_info; struct vbe_edid1_info *edid; struct vbe_modeline *modelines; #if KERNEL_BOOT_INFO - u_int32_t vga_bios_base, vga_bios_size; u_int32_t page_size; int dev_mem_fd; char *mem; @@ -37,21 +36,21 @@ int main(void) return 1; } page_size = getpagesize(); - vga_bios_base = vbe_info->mode_list.base & ~0xffff; - vga_bios_size = (vbe_info->mode_list.base - vga_bios_base + page_size - 1) & -page_size; - mem = malloc(vga_bios_size); - if (lseek(dev_mem_fd, vga_bios_base, SEEK_SET) != vga_bios_base) + mem = malloc(page_size); + if (lseek(dev_mem_fd, vbe_info->mode_list.base, SEEK_SET) != vbe_info->mode_list.base) return 1; - if (read(dev_mem_fd, mem, vga_bios_size) != vga_bios_size) + if (read(dev_mem_fd, mem, page_size) != page_size) return 1; - mode_list = (u_int16_t *)(mem + vbe_info->mode_list.base - vga_bios_base); + mode_list = (u_int16_t *)mem; + mode_list_end = (u_int16_t *)(mem + page_size); #endif #if defined(__i386__) mode_list = (u_int16_t *)vbe_info->mode_list.ptr; + mode_list_end = (u_int16_t *)-2; /* this will always succeed */ #endif /* List supported standard modes. */ - while (*mode_list != 0xffff) { + while (mode_list < mode_list_end && *mode_list != 0xffff) { for (i = 0; known_vesa_modes[i].x; i++) if (known_vesa_modes[i].number == *mode_list) printf("%d %d %d\n", -- cgit v1.2.1