From cc07057c7c88fb8eff3b1991131ded0f0bcfa7e3 Mon Sep 17 00:00:00 2001 From: Saeed Mirzamohammadi Date: Wed, 21 Oct 2020 16:57:58 -0700 Subject: video: fbdev: fix divide error in fbcon_switch This patch fixes the issue due to: [ 89.572883] divide_error: 0000 [#1] SMP KASAN PTI [ 89.572897] CPU: 3 PID: 16083 Comm: repro Not tainted 5.9.0-rc7.20200930.rc1.allarch-19-g3e32d0d.syzk #5 [ 89.572902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.5.1 01/01/2011 [ 89.572934] RIP: 0010:cirrusfb_check_var+0x84/0x1260 The error happens when the pixels value is calculated before performing the sanity checks on bits_per_pixel. A bits_per_pixel set to zero causes divide by zero error. This patch moves the calculation after the sanity check. Signed-off-by: Saeed Mirzamohammadi Tested-by: Saeed Mirzamohammadi Reviewed-by: Thomas Zimemrmann Signed-off-by: Thomas Zimmermann Link: https://patchwork.freedesktop.org/patch/msgid/20201021235758.59993-1-saeed.mirzamohammadi@oracle.com --- drivers/video/fbdev/cirrusfb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'drivers/video/fbdev') diff --git a/drivers/video/fbdev/cirrusfb.c b/drivers/video/fbdev/cirrusfb.c index 15a9ee7cd734..e9027172c0f5 100644 --- a/drivers/video/fbdev/cirrusfb.c +++ b/drivers/video/fbdev/cirrusfb.c @@ -531,7 +531,7 @@ static int cirrusfb_check_var(struct fb_var_screeninfo *var, { int yres; /* memory size in pixels */ - unsigned pixels = info->screen_size * 8 / var->bits_per_pixel; + unsigned int pixels; struct cirrusfb_info *cinfo = info->par; switch (var->bits_per_pixel) { @@ -573,6 +573,7 @@ static int cirrusfb_check_var(struct fb_var_screeninfo *var, return -EINVAL; } + pixels = info->screen_size * 8 / var->bits_per_pixel; if (var->xres_virtual < var->xres) var->xres_virtual = var->xres; /* use highest possible virtual resolution */ -- cgit v1.2.3
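Review bot: In the first hunk (@@ -531,7), `pixels` is now declared without an initializer, so it holds an indeterminate value all the way through `switch (var->bits_per_pixel)` until the assignment added in the second hunk. Please confirm that no case inside the switch reads `pixels`, since the compiler may not warn about such a use. The comment `/* memory size in pixels */` now sits above a bare declaration and would read better next to the computation itself. The `unsigned` to `unsigned int` change is a separate style cleanup and is worth a word in the commit message. The subject also names fbcon_switch, while both the trace and the diff are in cirrusfb_check_var.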
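Review bot: In the second hunk (@@ -573,6), the new `pixels = info->screen_size * 8 / var->bits_per_pixel;` is safe only because the switch above it returns -EINVAL for every bits_per_pixel value it does not accept, zero included, and nothing at the division site says so. A one-line comment there stating that bits_per_pixel has already been validated as non-zero would keep a later reordering from reintroducing the divide error. A blank line between the assignment and `if (var->xres_virtual < var->xres)` would also separate the computation from the unrelated resolution fix-up.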