From 7b7534d96813ffe502271b0b3fae0d0d12e3e05b Mon Sep 17 00:00:00 2001
From: Junzhe Zou
Date: Wed, 15 Mar 2017 15:06:04 -0700
Subject: msm: ispif: fix a bug in checking the validity of vfe intf

Parse the whole length of vfe intf to the validate function to avoid the situation that the lower 8bits pass the validation while intf is crafted to a large value which can cause buffer overflow later.

CRs-Fixed: 2008469
Change-Id: I0de19ec36d73918ab2f38eb7ba1f833c02a3face
Signed-off-by: Junzhe Zou
---
 drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c b/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
index 1628c098..cb7b2a1 100644
--- a/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
+++ b/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
@@ -73,7 +73,7 @@ static void msm_ispif_io_dump_reg(struct ispif_device *ispif)
 static inline int msm_ispif_is_intf_valid(uint32_t csid_version,
- uint8_t intf_type)
+ enum msm_ispif_vfe_intf intf_type)
 {
 return ((csid_version <= CSID_VERSION_V22 && intf_type != VFE0) || (intf_type >= VFE_MAX)) ? false : true;
-- 
cgit v1.1
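Review bot: The new parameter type `enum msm_ispif_vfe_intf intf_type` leaves the width and signedness of the `intf_type >= VFE_MAX` comparison to the compiler's choice of underlying enum type, so the upper-bound check is only as strong as that choice. If a build used a short or signed enum representation, a crafted value could again be truncated or compare as negative and pass the check that this commit is meant to tighten. Declaring the parameter with an explicit fixed-width unsigned type, `uint32_t intf_type)`, would make the full-width unsigned comparison independent of the toolchain. A brief comment such as `/* intf_type is validated at full width; it is later used as an array index */` would also record why the type must not be narrowed again. The callers and the function's closing brace are outside the hunk, so it is not visible here whether every call site passes the untruncated value.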