DivestOS/Patches/Linux_CVEs/CVE-2014-9783/ANY/0002.patch

51 lines
2.0 KiB
Diff
Raw Normal View History

2017-11-07 17:32:46 -05:00
From a7502f4f801bb95bff73617309835bb7a016cde5 Mon Sep 17 00:00:00 2001
From: Xu Han <hanxu@codeaurora.org>
Date: Wed, 25 Sep 2013 15:28:32 -0700
Subject: msm: camera: Checking an enum value greater than zero
An enum value cci_i2c_master is not checked to be greater than 0.
Add the check.
Change-Id: Ibe75ab7155def45d81b8127c5eda3fa2ed570bce
Signed-off-by: Xu Han <hanxu@codeaurora.org>
---
drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c b/drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c
index 273d779..401a671 100644
--- a/drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c
+++ b/drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c
@@ -479,7 +479,8 @@ static int32_t msm_cci_i2c_read_bytes(struct v4l2_subdev *sd,
return -EINVAL;
}
- if (c_ctrl->cci_info->cci_i2c_master > MASTER_MAX) {
+ if (c_ctrl->cci_info->cci_i2c_master > MASTER_MAX
+ || c_ctrl->cci_info->cci_i2c_master < 0) {
pr_err("%s:%d Invalid I2C master addr\n", __func__, __LINE__);
return -EINVAL;
}
@@ -524,7 +525,8 @@ static int32_t msm_cci_i2c_write(struct v4l2_subdev *sd,
enum cci_i2c_master_t master;
enum cci_i2c_queue_t queue = QUEUE_0;
cci_dev = v4l2_get_subdevdata(sd);
- if (c_ctrl->cci_info->cci_i2c_master > MASTER_MAX) {
+ if (c_ctrl->cci_info->cci_i2c_master > MASTER_MAX
+ || c_ctrl->cci_info->cci_i2c_master < 0) {
pr_err("%s:%d Invalid I2C master addr\n", __func__, __LINE__);
return -EINVAL;
}
@@ -661,7 +663,7 @@ static int32_t msm_cci_init(struct v4l2_subdev *sd,
CDBG("%s ref_count %d\n", __func__, cci_dev->ref_count);
master = c_ctrl->cci_info->cci_i2c_master;
CDBG("%s:%d master %d\n", __func__, __LINE__, master);
- if (master < MASTER_MAX) {
+ if (master < MASTER_MAX && master >= 0) {
mutex_lock(&cci_dev->cci_master_info[master].mutex);
/* Set reset pending flag to TRUE */
cci_dev->cci_master_info[master].reset_pending = TRUE;
--
cgit v1.1