DivestOS/Patches/Linux_CVEs/CVE-2017-9720/ANY/0002.patch

From 2c5616295a5411812188f515d6ecf1984b9c1798 Mon Sep 17 00:00:00 2001
From: Terence Ho <terenceh@codeaurora.org>
Date: Wed, 14 Jun 2017 14:17:50 -0400
Subject: msm:camera: correct stats query out of boundary

fix one potential out of boundary query of stats info.

Change-Id: Ic3224f2f08e6dd2bb05a846d0300df251f9fb192
CRs-Fixed: 2041066
Signed-off-by: Terence Ho <terenceh@codeaurora.org>
---
 drivers/media/platform/msm/ais/isp/msm_isp_stats_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/platform/msm/ais/isp/msm_isp_stats_util.c b/drivers/media/platform/msm/ais/isp/msm_isp_stats_util.c
index feb4a62..1b24a13 100644
--- a/drivers/media/platform/msm/ais/isp/msm_isp_stats_util.c
+++ b/drivers/media/platform/msm/ais/isp/msm_isp_stats_util.c
@@ -890,7 +890,7 @@ int msm_isp_update_stats_stream(struct vfe_device *vfe_dev, void *arg)
 				&update_cmd->update_info[i];
 		/* check array reference bounds */
 		if (STATS_IDX(update_info->stream_handle)
-			> vfe_dev->hw_info->stats_hw_info->num_stats_type) {
+			>= vfe_dev->hw_info->stats_hw_info->num_stats_type) {
 			pr_err("%s: stats idx %d out of bound!", __func__,
 			STATS_IDX(update_info->stream_handle));
 			return -EINVAL;
-- 
cgit v1.1
Switch to new CVE patchset 2017-11-07 17:32:46 -05:00			`From 2c5616295a5411812188f515d6ecf1984b9c1798 Mon Sep 17 00:00:00 2001`
			`From: Terence Ho <terenceh@codeaurora.org>`
			`Date: Wed, 14 Jun 2017 14:17:50 -0400`
			`Subject: msm:camera: correct stats query out of boundary`

			`fix one potential out of boundary query of stats info.`

			`Change-Id: Ic3224f2f08e6dd2bb05a846d0300df251f9fb192`
			`CRs-Fixed: 2041066`
			`Signed-off-by: Terence Ho <terenceh@codeaurora.org>`
			`---`
			`drivers/media/platform/msm/ais/isp/msm_isp_stats_util.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/drivers/media/platform/msm/ais/isp/msm_isp_stats_util.c b/drivers/media/platform/msm/ais/isp/msm_isp_stats_util.c`
			`index feb4a62..1b24a13 100644`
			`--- a/drivers/media/platform/msm/ais/isp/msm_isp_stats_util.c`
			`+++ b/drivers/media/platform/msm/ais/isp/msm_isp_stats_util.c`
			`@@ -890,7 +890,7 @@ int msm_isp_update_stats_stream(struct vfe_device vfe_dev, void arg)`
			`&update_cmd->update_info[i];`
			`/* check array reference bounds */`
			`if (STATS_IDX(update_info->stream_handle)`
			`- > vfe_dev->hw_info->stats_hw_info->num_stats_type) {`
			`+ >= vfe_dev->hw_info->stats_hw_info->num_stats_type) {`
			`pr_err("%s: stats idx %d out of bound!", __func__,`
			`STATS_IDX(update_info->stream_handle));`
			`return -EINVAL;`
			`--`
			`cgit v1.1`