From: Wolfgang Kroworsch Date: Thu, 6 Nov 2008 20:53:16 +0000 (-0800) Subject: vt: incomplete initialization of vc_tab_stop X-Git-Tag: firefly_0821_release~16972 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=a564738c1c9c7b9ed696bf4116267789201ac8ac;p=firefly-linux-kernel-4.4.55.git vt: incomplete initialization of vc_tab_stop Problem 1 (see patch below): vc_tab_stop is declared as an array of 8 unsigned ints in struct vc_data in include/linux/console_struct.h . In drivers/char/vt.c only 5 of these 8 unsigned ints get initialized leading to unintended tabulator placement on displays with more than 160 columns text. Problem 2 (open): Upcoming displays will have more than 256 columns of text leading to invalid memory access in drivers/char/vt.c during tabulator calculations: if (vc->vc_tab_stop[vc->vc_x >> 5] & (1 << (vc->vc_x & 31))) break; Signed-off-by: Wolfgang Kroworsch Cc: Alan Cox Cc: Christoph Hellwig Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/drivers/char/vt.c b/drivers/char/vt.c index d8f83e26e4a4..a5af6072e2b3 100644 --- a/drivers/char/vt.c +++ b/drivers/char/vt.c @@ -1644,7 +1644,10 @@ static void reset_terminal(struct vc_data *vc, int do_clear) vc->vc_tab_stop[1] = vc->vc_tab_stop[2] = vc->vc_tab_stop[3] = - vc->vc_tab_stop[4] = 0x01010101; + vc->vc_tab_stop[4] = + vc->vc_tab_stop[5] = + vc->vc_tab_stop[6] = + vc->vc_tab_stop[7] = 0x01010101; vc->vc_bell_pitch = DEFAULT_BELL_PITCH; vc->vc_bell_duration = DEFAULT_BELL_DURATION; @@ -1935,7 +1938,10 @@ static void do_con_trol(struct tty_struct *tty, struct vc_data *vc, int c) vc->vc_tab_stop[1] = vc->vc_tab_stop[2] = vc->vc_tab_stop[3] = - vc->vc_tab_stop[4] = 0; + vc->vc_tab_stop[4] = + vc->vc_tab_stop[5] = + vc->vc_tab_stop[6] = + vc->vc_tab_stop[7] = 0; } return; case 'm':