vt: clear selection before resizing

commit 009e39ae44f4191188aeb6dfbf661b771dbbe515 upstream.

When resizing a vt its selection may exceed the new size, resulting in
an invalid memory access [1]. Clear the selection before resizing.

[1] http://lkml.kernel.org/r/CACT4Y+acDTwy4umEvf5ROBGiRJNrxHN4Cn5szCXE5Jw-d1B=Xw@mail.gmail.com

Reported-and-tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Scot Doyle <lkml14@scotdoyle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 9dc1e2b..1c469ad 100644 (file)
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -888,6 +888,9 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc,
        if (!newscreen)
                return -ENOMEM;
 
        if (!newscreen)
                return -ENOMEM;
 

+       if (vc == sel_cons)
+               clear_selection();
+

        old_rows = vc->vc_rows;
        old_row_size = vc->vc_size_row;
 
        old_rows = vc->vc_rows;
        old_row_size = vc->vc_size_row;