[PATCH 5/5] fbconsole: reset cursor to origin when changing fonts

Ahmad Fatoum a.fatoum at pengutronix.de
Sun Jun 1 14:02:25 PDT 2025 

On 01.06.25 23:00, Ahmad Fatoum wrote:
> If we switch from one font to another, we update priv->rows and
> priv->cols, but priv->x and priv->y remain at their old values.
> 
> This becomes problematic, when a bigger font is chosen, because the
> coordinates may now exceed the maximum number of rows and lines,
> triggering an out-of-bounds memory access, when they are scaled
> according to the new font.
> 
> Fix this by resetting to (0, 0) whenever the number of columns and rows
> changes. The end result looks neater anyway.
> 
> Signed-off-by: Ahmad Fatoum <a.fatoum at barebox.org>

Should've made this the first commit. Can this one be applied to master as well?

> ---
>  drivers/video/fbconsole.c | 17 +++++++++++++----
>  1 file changed, 13 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/video/fbconsole.c b/drivers/video/fbconsole.c
> index 167569abd5c1..fd220a6c1e05 100644
> --- a/drivers/video/fbconsole.c
> +++ b/drivers/video/fbconsole.c
> @@ -679,6 +679,7 @@ static int setup_font(struct fbc_priv *priv)
>  	const struct font_desc *font;
>  	unsigned int height = priv->fb->yres - priv->margin.top - priv->margin.bottom;
>  	unsigned int width = priv->fb->xres - priv->margin.left - priv->margin.right;
> +	unsigned int newrows, newcols;
>  
>  	font = find_font_enum(priv->par_font_val);
>  	if (!font) {
> @@ -690,14 +691,22 @@ static int setup_font(struct fbc_priv *priv)
>  	switch (priv->rotation) {
>  	case FBCONSOLE_ROTATE_0:
>  	case FBCONSOLE_ROTATE_180:
> -		priv->rows = height / priv->font->height;
> -		priv->cols = width / priv->font->width;
> +		newrows = height / priv->font->height;
> +		newcols = width / priv->font->width;
>  		break;
>  	case FBCONSOLE_ROTATE_90:
>  	case FBCONSOLE_ROTATE_270:
> -		priv->rows = width / priv->font->height;
> -		priv->cols = height / priv->font->width;
> +		newrows = width / priv->font->height;
> +		newcols = height / priv->font->width;
>  		break;
> +	default:
> +		return -EINVAL;
> +	}
> +
> +	if (priv->rows != newrows || priv->cols != newcols) {
> +		priv->rows = newrows;
> +		priv->cols = newcols;
> +		priv->x = priv->y = 0;
>  	}
>  
>  	return 0;


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

More information about the barebox mailing list