[PATCH] vc: Use correct size on buffer copy in vc_resize
Antonino A. Daplas [Thu, 15 Sep 2005 13:34:33 +0000 (21:34 +0800)]
In the unlikely case of the new screen width much wider then the old,
use (old_row_size * new_rows) instead of new_screen_size to prevent a
buffer overrun during the copy.

Signed-off-by: Antonino Daplas <adaplas@pol.net>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

drivers/char/vt.c

index 1e33cb0..e91268e 100644 (file)
@@ -810,13 +810,14 @@ int vc_resize(struct vc_data *vc, unsigned int cols, unsigned int lines)
                         * from the top and bottom of cursor position
                         */
                        old_origin += (vc->vc_y - new_rows/2) * old_row_size;
-                       end = old_origin + new_screen_size;
+                       end = old_origin + (old_row_size * new_rows);
                }
        } else
                /*
                 * Cursor near the top, copy contents from the top of buffer
                 */
-               end = (old_rows > new_rows) ? old_origin + new_screen_size :
+               end = (old_rows > new_rows) ? old_origin +
+                       (old_row_size * new_rows) :
                        vc->vc_scr_end;
 
        update_attr(vc);