From: Martin Schwidefsky Date: Wed, 18 Dec 2013 13:36:18 +0000 (+0100) Subject: s390/3270: fix allocation of tty3270_screen structure X-Git-Tag: firefly_0821_release~3679^2~3172 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=2202b3646c440e775d0e630c784b295b612dae0b;p=firefly-linux-kernel-4.4.55.git s390/3270: fix allocation of tty3270_screen structure commit 36d9f4d3b68c7035ead3850dc85f310a579ed0eb upstream. The tty3270_alloc_screen function is called from tty3270_install with swapped arguments, the number of columns instead of rows and vice versa. The number of rows is typically smaller than the number of columns which makes the screen array too big but the individual cell arrays for the lines too small. Creating lines longer than the number of rows will clobber the memory after the end of the cell array. The fix is simple, call tty3270_alloc_screen with the correct argument order. Signed-off-by: Martin Schwidefsky Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/s390/char/tty3270.c b/drivers/s390/char/tty3270.c index cee69dac3e18..4dd71ca0269c 100644 --- a/drivers/s390/char/tty3270.c +++ b/drivers/s390/char/tty3270.c @@ -942,7 +942,7 @@ static int tty3270_install(struct tty_driver *driver, struct tty_struct *tty) return rc; } - tp->screen = tty3270_alloc_screen(tp->view.cols, tp->view.rows); + tp->screen = tty3270_alloc_screen(tp->view.rows, tp->view.cols); if (IS_ERR(tp->screen)) { rc = PTR_ERR(tp->screen); raw3270_put_view(&tp->view);
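Review bot: On the changed line in tty3270_install, the corrected call `tp->screen = tty3270_alloc_screen(tp->view.rows, tp->view.cols);` still relies on positional order for the two dimensions, and the compiler accepted the swapped order before and would accept it again. Consider having tty3270_alloc_screen take the view (or tp) and read rows and cols by name, or at least add a comment at the call stating the (rows, cols) order. Because the commit message says the swap let lines overrun the end of the cell array, it would also help for the message to name the commit that introduced the swapped call, so that backporters can tell which trees need this fix.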