From: Heinrich Schuchardt Date: Wed, 19 Sep 2018 17:15:14 +0000 (+0200) Subject: dm: video: check bounds for column and row X-Git-Url: http://git.dujemihanovic.xyz/img/sics.gif?a=commitdiff_plain;h=4b985e0035263b62d5a0cb9de42c87171892949f;p=u-boot.git dm: video: check bounds for column and row CSI H can be used to position the cursor. The calling application may specify a location that is beyond the limits of the screen. This may lead to an illegal memory access. Signed-off-by: Heinrich Schuchardt Signed-off-by: Alexander Graf --- diff --git a/drivers/video/vidconsole-uclass.c b/drivers/video/vidconsole-uclass.c index f1d3ad3611..0c36a5de0a 100644 --- a/drivers/video/vidconsole-uclass.c +++ b/drivers/video/vidconsole-uclass.c @@ -213,6 +213,14 @@ static void vidconsole_escape_char(struct udevice *dev, char ch) s++; /* ; */ s = parsenum(s, &col); + /* + * Ensure we stay in the bounds of the screen. + */ + if (row >= priv->rows) + row = priv->rows - 1; + if (col >= priv->cols) + col = priv->cols - 1; + priv->ycur = row * priv->y_charsize; priv->xcur_frac = priv->xstart_frac + VID_TO_POS(col * priv->x_charsize);