[PATCH (?)] vt: fix possible memory corruption in complement_pos

[André Pereira de Almeida <andre@cachola.com.br>]

Hi.
In the file drivers/char/vt.c the function complement_pos (used by 
selection: complement pointer position) saves the memory position of 
previous pointer position. If, between 2 successive calls of this 
function, the memory location of the screen has changed (e.g. the window 
has been resized), the old pointer position is invalid, and, if this 
memory position has been allocated by another kernel data, this data may 
be corrupted since this function will try to restore the previous data.

I don't know if this is the right approach, but this patch will solve 
this bug.

--- linux-2.6.12-rc4-mm2.orig/drivers/char/vt.c 2005-05-25 
12:04:54.000000000 -0300
+++ linux-2.6.12-rc4-mm2/drivers/char/vt.c      2005-05-25 
12:36:20.000000000 -0300
@@ -434,21 +434,21 @@ void invert_screen(struct vc_data *vc, i
/* used by selection: complement pointer position */
void complement_pos(struct vc_data *vc, int offset)
{
-       static unsigned short *p;
+       static int old_offset=-1;
       static unsigned short old;
       static unsigned short oldx, oldy;

       WARN_CONSOLE_UNLOCKED();

-       if (p) {
-               scr_writew(old, p);
+       if (old_offset!=-1) {
+               scr_writew(old, screenpos(vc, old_offset, 1));
               if (DO_UPDATE(vc))
                       vc->vc_sw->con_putc(vc, old, oldy, oldx);
       }
-       if (offset == -1)
-               p = NULL;
-       else {
+       old_offset=offset;
+       if (offset != -1) {
               unsigned short new;
+               unsigned short *p;
               p = screenpos(vc, offset, 1);
               old = scr_readw(p);
               new = old ^ vc->vc_complement_mask;



--- linux-2.6.12-rc4-mm2.orig/drivers/char/vt.c	2005-05-25 12:04:54.000000000 -0300
+++ linux-2.6.12-rc4-mm2/drivers/char/vt.c	2005-05-25 12:36:20.000000000 -0300
@@ -434,21 +434,21 @@ void invert_screen(struct vc_data *vc, i
 /* used by selection: complement pointer position */
 void complement_pos(struct vc_data *vc, int offset)
 {
-	static unsigned short *p;
+	static int old_offset=-1;
 	static unsigned short old;
 	static unsigned short oldx, oldy;
 
 	WARN_CONSOLE_UNLOCKED();
 
-	if (p) {
-		scr_writew(old, p);
+	if (old_offset!=-1) {
+		scr_writew(old, screenpos(vc, old_offset, 1));
 		if (DO_UPDATE(vc))
 			vc->vc_sw->con_putc(vc, old, oldy, oldx);
 	}
-	if (offset == -1)
-		p = NULL;
-	else {
+	old_offset=offset;
+	if (offset != -1) {
 		unsigned short new;
+		unsigned short *p;
 		p = screenpos(vc, offset, 1);
 		old = scr_readw(p);
 		new = old ^ vc->vc_complement_mask;