summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGwenolé Beauchesne <gbeauchesne@mandriva.org>2003-10-29 09:50:37 +0000
committerGwenolé Beauchesne <gbeauchesne@mandriva.org>2003-10-29 09:50:37 +0000
commit8fe6a00d66a0597e36976f636eb463dcd279ae3f (patch)
tree8e831fbe16582f2dfddd096f0093f84ada43e4b3
parentcf5a8c143b7b489a47a584f6771834d02126c03d (diff)
downloaddrakx-8fe6a00d66a0597e36976f636eb463dcd279ae3f.tar
drakx-8fe6a00d66a0597e36976f636eb463dcd279ae3f.tar.gz
drakx-8fe6a00d66a0597e36976f636eb463dcd279ae3f.tar.bz2
drakx-8fe6a00d66a0597e36976f636eb463dcd279ae3f.tar.xz
drakx-8fe6a00d66a0597e36976f636eb463dcd279ae3f.zip
Sanity check in KERNEL_BOOT_INFO mode: don't read past a page from
vbe_info->mode_list.
-rw-r--r--tools/ddcprobe/ddcxinfos.c17
1 files changed, 8 insertions, 9 deletions
diff --git a/tools/ddcprobe/ddcxinfos.c b/tools/ddcprobe/ddcxinfos.c
index 04ab260cf..c13d803c4 100644
--- a/tools/ddcprobe/ddcxinfos.c
+++ b/tools/ddcprobe/ddcxinfos.c
@@ -15,13 +15,12 @@
int main(void)
{
int i, j;
- u_int16_t *mode_list;
+ u_int16_t *mode_list, *mode_list_end;
unsigned char hmin, hmax, vmin, vmax;
struct vbe_info *vbe_info;
struct vbe_edid1_info *edid;
struct vbe_modeline *modelines;
#if KERNEL_BOOT_INFO
- u_int32_t vga_bios_base, vga_bios_size;
u_int32_t page_size;
int dev_mem_fd;
char *mem;
@@ -37,21 +36,21 @@ int main(void)
return 1;
}
page_size = getpagesize();
- vga_bios_base = vbe_info->mode_list.base & ~0xffff;
- vga_bios_size = (vbe_info->mode_list.base - vga_bios_base + page_size - 1) & -page_size;
- mem = malloc(vga_bios_size);
- if (lseek(dev_mem_fd, vga_bios_base, SEEK_SET) != vga_bios_base)
+ mem = malloc(page_size);
+ if (lseek(dev_mem_fd, vbe_info->mode_list.base, SEEK_SET) != vbe_info->mode_list.base)
return 1;
- if (read(dev_mem_fd, mem, vga_bios_size) != vga_bios_size)
+ if (read(dev_mem_fd, mem, page_size) != page_size)
return 1;
- mode_list = (u_int16_t *)(mem + vbe_info->mode_list.base - vga_bios_base);
+ mode_list = (u_int16_t *)mem;
+ mode_list_end = (u_int16_t *)(mem + page_size);
#endif
#if defined(__i386__)
mode_list = (u_int16_t *)vbe_info->mode_list.ptr;
+ mode_list_end = (u_int16_t *)-2; /* this will always succeed */
#endif
/* List supported standard modes. */
- while (*mode_list != 0xffff) {
+ while (mode_list < mode_list_end && *mode_list != 0xffff) {
for (i = 0; known_vesa_modes[i].x; i++)
if (known_vesa_modes[i].number == *mode_list)
printf("%d %d %d\n",