Fix a number of issues with vesabios discovered by miod@

1. Add bounds checking to vga_pci_mmap, fixing a potential security issue.
Limit the amount of memory to what the vbe info structure says the card
card has. This should be nicely refined to limit to the amount of memory
needed by the active resolution and depth but this will do for the time
being.

2. Fix several places in vesafb.c where the return of kvm86_bios_addpage()
isnt being checked. Also ensure that if vesafb_get_mode_info() fails that it
cleans up after itself by releasing the page it added.

3. Correct the range checks in vesafb_putcmap and vesafb_getcmap, harmonize
code with similar code found else where.

ok miod@

1 files changed, 4 insertions, 2 deletions

diff --git a/sys/dev/pci/vga_pci.c b/sys/dev/pci/vga_pci.c
index d664b518569..bcc426dc89f 100644
--- a/sys/dev/pci/vga_pci.c
+++ b/sys/dev/pci/vga_pci.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vga_pci.c,v 1.25 2006/11/27 18:04:28 gwk Exp $ */
+/* $OpenBSD: vga_pci.c,v 1.26 2007/01/28 20:28:50 gwk Exp $ */
 /* $NetBSD: vga_pci.c,v 1.3 1998/06/08 06:55:58 thorpej Exp $ */
 
 /*
@@ -175,7 +175,7 @@ vga_pci_attach(struct device *parent, struct device *self, void *aux)
 		return;
 	}
 #endif
- 	printf("\n");
+	printf("\n");
 	vga_common_attach(self, pa->pa_iot, pa->pa_memt,
 	    WSDISPLAY_TYPE_PCIVGA);
 }
@@ -188,6 +188,8 @@ vga_pci_mmap(void *v, off_t off, int prot)
 	struct vga_pci_softc *sc = (struct vga_pci_softc *)vc->vc_softc;
 
 	if (sc->sc_mode == WSDISPLAYIO_MODE_DUMBFB) {
+		if (off < 0 || off > vesabios_softc->sc_size)
+			return (-1);
 		return atop(sc->sc_base + off);
 	}
 #endif