vbe: Add VBE 2.0+ OemData field to struct vbe_info
Per the VBE 2.0 specification, the VBE controller information is 512
bytes long when the "VBE2" signature is provided, instead of the
original 256 bytes.
src/bootsplash.c uses the original pre-VBE-2.0 256-byte structure while
also filling in the "VBE2" signature, so a video BIOS that makes use of
the VBE2 OemData area could write past the end of the allocated region.
The original bootsplash code did not have this bug; it was introduced
when the bootsplash VBE structures were merged with the VGA ROM struct
definitions.
Fixes: 69e941c159
("Merge bootsplash and VGA ROM vbe structure definitions")
Signed-off-by: Daniel Verkamp <daniel@drv.nu>
parent
163fd9f087
commit
5d87ff2542
|
@ -18,6 +18,8 @@ struct vbe_info {
|
|||
struct segoff_s oem_product_string;
|
||||
struct segoff_s oem_revision_string;
|
||||
u8 reserved[222];
|
||||
/* VBE 2.0 */
|
||||
u8 oem_data[256];
|
||||
} PACKED;
|
||||
|
||||
struct vbe_mode_info {
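Review bot: Nothing in this hunk pins the layout the fix depends on: `oem_data` has to start at byte 256 and the whole struct has to be 512 bytes. That holds only if the fields above `reserved[222]`, which begin outside the hunk, still add up to 34 bytes. A compile-time check after the definition would catch a later field change, for example `_Static_assert(sizeof(struct vbe_info) == 512, "VBE2 info block must be 512 bytes");`, if the toolchain accepts C11. Because the struct has doubled in size, any other code that clears or copies `sizeof(struct vbe_info)` bytes into a caller-supplied buffer is worth checking for the overrun that vbe_104f00 is adjusted for in this commit.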
|
||||
|
|
|
@ -32,16 +32,18 @@ vbe_104f00(struct bregs *regs)
|
|||
{
|
||||
u16 seg = regs->es;
|
||||
struct vbe_info *info = (void*)(regs->di+0);
|
||||
size_t info_size = offsetof(struct vbe_info, oem_data);
|
||||
|
||||
if (GET_FARVAR(seg, info->signature) == VBE2_SIGNATURE) {
|
||||
dprintf(4, "Get VBE Controller: VBE2 Signature found\n");
|
||||
info_size = sizeof(*info);
|
||||
} else if (GET_FARVAR(seg, info->signature) == VESA_SIGNATURE) {
|
||||
dprintf(4, "Get VBE Controller: VESA Signature found\n");
|
||||
} else {
|
||||
dprintf(4, "Get VBE Controller: Invalid Signature\n");
|
||||
}
|
||||
|
||||
memset_far(seg, info, 0, sizeof(*info));
|
||||
memset_far(seg, info, 0, info_size);
|
||||
|
||||
SET_FARVAR(seg, info->signature, VESA_SIGNATURE);
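Review bot: The reason `info_size` starts at `offsetof(struct vbe_info, oem_data)` is not documented, and it is the invariant that keeps this function inside the caller's buffer. A caller that did not preset "VBE2" has only promised 256 bytes at ES:DI. I would add a comment above the declaration such as `/* Only a caller that preset "VBE2" provides the 512-byte block; otherwise stay below oem_data. */`. The invalid-signature branch also keeps the 256-byte size and carries on, which looks intended for VBE 1.x callers but deserves a word in that comment. The function body continues past the hunk, so any later write through `info` should be checked against `info_size` as well.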
|
||||
|
||||
|
|