input (mainly cmdline) parsing corrections

[PATCH 5/5] video/vesa: harden font height parsing

Posted by Jan Beulich 1 week, 4 days ago

We should not prematurely increment the pointer, to avoid inadvertently
skipping the NUL terminator.

Fixes: 6d9199bd0f22 ("x86-64: enable hypervisor output on VESA frame buffer")
Reported-by: Kamil Frankowicz <kamil.frankowicz@cert.pl>
Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/drivers/video/vesa.c
+++ b/xen/drivers/video/vesa.c
@@ -31,8 +31,8 @@ static unsigned int __initdata vram_rema
 static unsigned int __initdata font_height;
 static int __init cf_check parse_font_height(const char *s)
 {
-    if ( simple_strtoul(s, &s, 10) == 8 && (*s++ == 'x') )
-        font_height = simple_strtoul(s, &s, 10);
+    if ( simple_strtoul(s, &s, 10) == 8 && (*s == 'x') )
+        font_height = simple_strtoul(s + 1, &s, 10);
     if ( *s != '\0' )
         font_height = 0;

[PATCH 1/5] EFI: avoid OOB config file reads
[PATCH 2/5] llc-coloring: improve checking while parsing
[PATCH 3/5] ns16550: harden name/value pair parsing
[PATCH 4/5] ns16550: harden positional parsing
[PATCH 5/5] video/vesa: harden font height parsing