From 012e37bf91490c5b59ba2ab68a4d214b632b613f Mon Sep 17 00:00:00 2001
From: Rajesh Bondugula
Date: Tue, 8 Nov 2016 11:52:55 -0800
Subject: msm: camera: sensor: Validate i2c_frq_mode in msm_cci_get_clk_rates
i2c_freq_mode in msm_cci_get_clk_rates is populated from userspace. Validate to make sure it has valid values. If a large number is sent from userspace to avoid a buffer over read.
Crs-Fixed: 1086833
Change-Id: I237f60dca3e3dbad4e6188bf047cf7ec5163d159
Signed-off-by: Rajesh Bondugula
---
 drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c b/drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c
index b1c2382..f113bdc 100644
--- a/drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c
+++ b/drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c
@@ -115,15 +115,16 @@ static int32_t msm_cci_set_clk_param(struct cci_device *cci_dev,
 enum cci_i2c_master_t master = c_ctrl->cci_info->cci_i2c_master;
 enum i2c_freq_mode_t i2c_freq_mode = c_ctrl->cci_info->i2c_freq_mode;
- clk_params = &cci_dev->cci_clk_params[i2c_freq_mode];
-
 if ((i2c_freq_mode >= I2C_MAX_MODES) || (i2c_freq_mode < 0)) {
 pr_err("%s:%d invalid i2c_freq_mode = %d", __func__, __LINE__, i2c_freq_mode);
 return -EINVAL;
 }
+
 if (cci_dev->i2c_freq_mode[master] == i2c_freq_mode) return 0;
+
+ clk_params = &cci_dev->cci_clk_params[i2c_freq_mode];
 if (MASTER_0 == master) {
 msm_camera_io_w_mb(clk_params->hw_thigh << 16 | clk_params->hw_tlow,
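Review bot: `master` is read from the same `c_ctrl->cci_info` as `i2c_freq_mode` and indexes `cci_dev->i2c_freq_mode[master]` on the line right after the range check, yet nothing visible in this hunk bounds it. If `cci_info` is filled from userspace, as the commit message says for `i2c_freq_mode`, that lookup deserves the same guard, e.g. `if (master < 0 || master >= MASTER_MAX) return -EINVAL;` next to the existing check (assuming the enum's terminator is `MASTER_MAX`; a check may already exist in a caller, which is outside the hunk). The existing `pr_err` here also lacks the trailing `\n` that the message added in msm_cci_get_clk_rates has. The body of msm_cci_set_clk_param starts and ends outside the hunk.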
@@ -1196,6 +1197,13 @@ static uint32_t *msm_cci_get_clk_rates(struct cci_device *cci_dev,
 struct msm_cci_clk_params_t *clk_params = NULL;
 enum i2c_freq_mode_t i2c_freq_mode = c_ctrl->cci_info->i2c_freq_mode;
 struct device_node *of_node = cci_dev->pdev->dev.of_node;
+
+ if ((i2c_freq_mode >= I2C_MAX_MODES) || (i2c_freq_mode < 0)) {
+ pr_err("%s:%d invalid i2c_freq_mode %d\n",
+ __func__, __LINE__, i2c_freq_mode);
+ return NULL;
+ }
+
 clk_params = &cci_dev->cci_clk_params[i2c_freq_mode];
 cci_clk_src = clk_params->cci_clk_src;
-- cgit v1.1
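Review bot: The new `return NULL` path is only safe if every caller of msm_cci_get_clk_rates tests the result before dereferencing it; the callers are outside this hunk, so that should be confirmed. Because the rejected value is chosen by userspace, the message can be triggered repeatedly, and using `pr_err_ratelimited("%s:%d invalid i2c_freq_mode %d\n", __func__, __LINE__, i2c_freq_mode);` would keep a misbehaving client from flooding the kernel log. The same range check now appears both here and in msm_cci_set_clk_param, so a small static helper would keep the two in step. The function continues past the end of the hunk.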