Dan Carpenter 1e7c780488 fbcmap: integer overflow bug ... There is an integer overflow in fb_set_user_cmap() because cmap->len * 2 can wrap. It's basically harmless. Your terminal will be messed up until you type reset. This patch does three things to fix the bug. First, it checks the return value of fb_copy_cmap() in fb_alloc_cmap(). That is enough to fix address the overflow. Second it checks for the integer overflow in fb_set_user_cmap(). Lastly I wanted to cap "cmap->len" in fb_set_user_cmap() much lower because it gets used to determine the size of allocation. Unfortunately no one knows what the limit should be. Instead what this patch does is makes the allocation happen with GFP_KERNEL instead of GFP_ATOMIC and lets the kmalloc() decide what values of cmap->len are reasonable. To do this, the patch introduces a function called fb_alloc_cmap_gfp() which is like fb_alloc_cmap() except that it takes a GFP flag. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Paul Mundt <lethal@linux-sh.org>		2010-11-17 14:55:45 +09:00
..
aty	Merge branch 'next-devicetree' of git://git.secretlab.ca/git/linux-2.6	2010-10-25 08:19:14 -07:00
backlight	backlight: MacBookAir3,1(3,2) mbp-nvidia-bl support	2010-11-12 07:55:33 -08:00
console	fbcon: fix lockdep warning from fbcon_deinit()	2010-09-22 17:22:39 -07:00
display
geode
i810	i2c: Remove unneeded inclusions of <linux/i2c-id.h>	2010-10-24 18:16:58 +02:00
intelfb	i2c: Remove unneeded inclusions of <linux/i2c-id.h>	2010-10-24 18:16:58 +02:00
kyro
logo
matrox	drivers/video/matrox/matroxfb_maven.c: fix unsigned return type	2010-10-27 18:03:08 -07:00
mb862xx
mbx	llseek: automatically add .llseek fop	2010-10-15 15:53:27 +02:00
msm	drivers/video/msm/mddi.c: Remove multiple KERN_<level> uses	2010-10-27 13:43:21 -07:00
nvidia
omap	drivers/video/omap/blizzard.c: suspected typo in assignment	2010-10-27 18:03:08 -07:00
omap2	OMAP: VRAM: Fix boot-time memory allocation	2010-11-10 20:51:13 +09:00
pnx4008
riva	i2c: Delete unused adapter IDs	2010-11-15 22:40:38 +01:00
savage	savagefb: fix DDC for Savage 4	2010-10-27 18:03:08 -07:00
sis	sisfb: limit POST memory test according to PCI resource length	2010-11-10 20:26:37 +09:00
vermilion
via	Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6	2010-10-28 09:35:11 -07:00
68328fb.c
acornfb.c
acornfb.h
amba-clcd.c	VIDEO: amba clcd: don't disable an already disabled clock	2010-08-17 22:15:09 +01:00
amifb.c
arcfb.c	Update broken web addresses in the kernel.	2010-10-18 11:03:14 +02:00
arkfb.c
asiliantfb.c
atafb_iplan2p2.c
atafb_iplan2p4.c
atafb_iplan2p8.c
atafb_mfb.c
atafb_utils.h
atafb.c	fbdev: atafb - Remove undead ifdef ATAFB_FALCON	2010-10-22 09:43:25 +02:00
atafb.h
atmel_lcdfb.c
au1100fb.c
au1100fb.h
au1200fb.c	replace nested max/min macros with {max,min}3 macro	2010-10-26 16:52:12 -07:00
au1200fb.h
bf54x-lq043fb.c
bfin-lq035q1-fb.c
bfin-t350mcqb-fb.c
broadsheetfb.c
bt431.h
bt455.h
bw2.c
c2p_core.h
c2p_iplan2.c
c2p_planar.c
c2p.h
carminefb_regs.h
carminefb.c
carminefb.h
cfbcopyarea.c
cfbfillrect.c
cfbimgblt.c
cg3.c
cg6.c
cg14.c
chipsfb.c
cirrusfb.c
clps711xfb.c
cobalt_lcdfb.c
controlfb.c
controlfb.h
cyber2000fb.c
cyber2000fb.h
da8xx-fb.c
dnfb.c
edid.h
efifb.c	efifb: support the EFI framebuffer on more Apple hardware	2010-09-22 17:22:39 -07:00
ep93xx-fb.c
epson1355fb.c	Update broken web addresses in the kernel.	2010-10-18 11:03:14 +02:00
fb_ddc.c
fb_defio.c
fb_draw.h
fb_notify.c
fb_sys_fops.c
fbcmap.c	fbcmap: integer overflow bug	2010-11-17 14:55:45 +09:00
fbcvt.c	Update broken web addresses in the kernel.	2010-10-18 11:03:14 +02:00
fbmem.c	fbmem: fix fb_read, fb_write unaligned accesses	2010-10-27 18:03:08 -07:00
fbmon.c
fbsysfs.c
ffb.c
fm2fb.c
fsl-diu-fb.c
g364fb.c
gbefb.c	drivers/video/gbefb.c: eliminate memory leak	2010-10-27 18:03:08 -07:00
gxt4500.c
hecubafb.c
hgafb.c
hitfb.c
hpfb.c
igafb.c	drivers/video/igafb.c: make igafb_setup() and igafb_init() static	2010-08-11 08:59:12 -07:00
imsttfb.c
imxfb.c	ARM: 6281/1: video/imxfb.c: allow usage without BACKLIGHT_CLASS_DEVICE	2010-08-10 22:10:51 +01:00
jz4740_fb.c
Kconfig	Merge branch 'drm-core-next' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6	2010-10-26 18:57:59 -07:00
leo.c
macfb.c
macmodes.c
macmodes.h
Makefile
maxinefb.c
metronomefb.c	Update broken web addresses in the kernel.	2010-10-18 11:03:14 +02:00
modedb.c
mx3fb.c
n411.c
neofb.c
nuc900fb.c
nuc900fb.h
offb.c
output.c
p9100.c
platinumfb.c
platinumfb.h
pm2fb.c
pm3fb.c
pmag-aa-fb.c
pmag-ba-fb.c
pmagb-b-fb.c
ps3fb.c
pvr2fb.c
pxa168fb.c	ARM: pxa168fb: add .remove function	2010-10-09 17:07:23 +08:00
pxa168fb.h
pxafb.c
pxafb.h
q40fb.c	fbdev/m68k: Fix section mismatches in q40fb.c	2010-10-22 09:43:25 +02:00
s1d13xxxfb.c
s3c2410fb.c
s3c2410fb.h
s3c-fb.c	s3c-fb: automatically calculate pixel clock when none is given	2010-08-11 08:59:12 -07:00
s3fb.c
sa1100fb.c
sa1100fb.h
sbuslib.c
sbuslib.h
sgivwfb.c
sh7760fb.c
sh_mipi_dsi.c	fbdev: sh_mobile_lcdcfb: Support multiple video modes in platform data	2010-09-14 17:22:38 +09:00
sh_mobile_hdmi.c	fbdev: sh_mobile_hdmi: properly clean up modedb on monitor unplug	2010-11-10 16:53:12 +09:00
sh_mobile_lcdcfb.c	fbdev: sh_mobile_lcdcfb: fix bug in reconfig()	2010-11-16 10:11:28 +09:00
sh_mobile_lcdcfb.h	fbdev: sh_mobile_lcdc: reconfigure the framebuffer, when free	2010-09-16 16:36:17 +09:00
skeletonfb.c
sm501fb.c
sstfb.c
sticore.h
stifb.c
sunxvr500.c
sunxvr1000.c
sunxvr2500.c
svgalib.c
syscopyarea.c
sysfillrect.c
sysimgblt.c
tcx.c
tdfxfb.c
tgafb.c
tmiofb.c
tridentfb.c
uvesafb.c	param: use ops in struct kernel_param, rather than get and set fns directly	2010-08-11 23:04:13 +09:30
valkyriefb.c
valkyriefb.h
vesafb.c	vesafb: fix comment a typo	2010-08-16 15:14:03 +02:00
vfb.c
vga16fb.c
vgastate.c
vt8623fb.c	param: simple locking for sysfs-writable charp parameters	2010-08-11 23:04:31 +09:30
w100fb.c
w100fb.h
xen-fbfront.c	xenbus: prevent warnings on unhandled enumeration values	2010-10-18 10:49:36 -04:00
xilinxfb.c	fbdev/xilinxfb: Microblaze driver support	2010-10-21 16:04:51 +10:00