[PATCH] vt: incomplete initialization of vc_tab_stop
From: Wolfgang Kroworsch
Date: Sat Oct 18 2008 - 07:55:28 EST
Problem 1 (see patch below):
vc_tab_stop is declared as an array of 8 unsigned ints in struct
vc_data in include/linux/console_struct.h .
In drivers/char/vt.c only 5 of these 8 unsigned ints get initialized
leading to unintended tabulator placement on displays with more than
160 columns text.
Problem 2 (open):
Upcoming displays will have more than 256 columns of text leading to
invalid memory access in drivers/char/vt.c during tabulator
calculations:
if (vc->vc_tab_stop[vc->vc_x >> 5] & (1 << (vc->vc_x & 31)))
break;
---
drivers/char/vt.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/char/vt.c b/drivers/char/vt.c
index d8f83e2..a5af607 100644
--- a/drivers/char/vt.c
+++ b/drivers/char/vt.c
@@ -1644,7 +1644,10 @@ static void reset_terminal(struct vc_data *vc, int do_clear)
vc->vc_tab_stop[1] =
vc->vc_tab_stop[2] =
vc->vc_tab_stop[3] =
- vc->vc_tab_stop[4] = 0x01010101;
+ vc->vc_tab_stop[4] =
+ vc->vc_tab_stop[5] =
+ vc->vc_tab_stop[6] =
+ vc->vc_tab_stop[7] = 0x01010101;
vc->vc_bell_pitch = DEFAULT_BELL_PITCH;
vc->vc_bell_duration = DEFAULT_BELL_DURATION;
@@ -1935,7 +1938,10 @@ static void do_con_trol(struct tty_struct *tty, struct vc_data *vc, int c)
vc->vc_tab_stop[1] =
vc->vc_tab_stop[2] =
vc->vc_tab_stop[3] =
- vc->vc_tab_stop[4] = 0;
+ vc->vc_tab_stop[4] =
+ vc->vc_tab_stop[5] =
+ vc->vc_tab_stop[6] =
+ vc->vc_tab_stop[7] = 0;
}
return;
case 'm':
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/