• Maciej W. Rozycki's avatar
    tgafb: fix an out-of-range shift in mono imageblit · b738b990
    Maciej W. Rozycki authored
    The pixel mask calculation in tgafb_mono_imageblit() uses a variable
    left-shift on a 32-bit data type by up to 32.  Shifting by the width of a data
    type or more produces an unpredictable result according to the C standard.
    
    Rather than widening the data type this fix makes sure the count is between 0
    and 31.  The reason is not to penalise 32-bit platforms with operation on a
    "long long" type for a marginal case that is meant not to happen (blitting an
    image of a zero width).
    
    The reason it has escaped for so long is the Alpha, being purely 64-bit, :-)
    does not mask the shift out to 32 bits.  This is a valid implementation --
    producing the correct result certainly falls within "unpredictable behaviour".
     It does trigger on MIPS though and it is the recent merge of the TC support
    which only enabled the driver for use on anything other than the Alpha.  For
    MIPS when the width is 32 the mask ends up being 0 rather than 0xffffffff as
    it should be and the frame buffer is not updated.
    Signed-off-by: default avatarMaciej W. Rozycki <macro@linux-mips.org>
    Cc: Antonino Daplas <adaplas@pol.net>
    Cc: Jay Estabrook <Jay.Estabrook@hp.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    b738b990
tgafb.c 47.1 KB