From e3af5e89426f1c8d4e703d415eff5435b925649f Mon Sep 17 00:00:00 2001 From: Benet Clark Date: Thu, 10 Nov 2016 17:49:09 -0800 Subject: msm: mdss: Clear compat structures before copying to user In the compat layer, the temporary structures used to convert data from 32bit to 64bit structures need to be set to 0 before being assigned values. CRs-Fixed: 1088206 Change-Id: I04497bc11e01c3df4beadfd6d9b06ab4321f1723 Signed-off-by: Benet Clark --- drivers/video/msm/mdss/mdss_compat_utils.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/video/msm/mdss/mdss_compat_utils.c b/drivers/video/msm/mdss/mdss_compat_utils.c index 5ad51dd..a9ab5c1 100644 --- a/drivers/video/msm/mdss/mdss_compat_utils.c +++ b/drivers/video/msm/mdss/mdss_compat_utils.c @@ -846,6 +846,7 @@ static int __from_user_pcc_coeff_v17( return -EFAULT; } + memset(&pcc_cfg_payload, 0, sizeof(pcc_cfg_payload)); pcc_cfg_payload.r.b = pcc_cfg_payload32.r.b; pcc_cfg_payload.r.g = pcc_cfg_payload32.r.g; pcc_cfg_payload.r.c = pcc_cfg_payload32.r.c; @@ -1127,6 +1128,8 @@ static int __from_user_igc_lut_data_v17( pr_err("failed to copy payload from user for igc\n"); return -EFAULT; } + + memset(&igc_cfg_payload, 0, sizeof(igc_cfg_payload)); igc_cfg_payload.c0_c1_data = compat_ptr(igc_cfg_payload_32.c0_c1_data); igc_cfg_payload.c2_data = compat_ptr(igc_cfg_payload_32.c2_data); igc_cfg_payload.len = igc_cfg_payload_32.len; @@ -1261,6 +1264,7 @@ static int __from_user_pgc_lut_data_v1_7( pr_err("failed to copy from user the pgc32 payload\n"); return -EFAULT; } + memset(&pgc_cfg_payload, 0, sizeof(pgc_cfg_payload)); pgc_cfg_payload.c0_data = compat_ptr(pgc_cfg_payload_32.c0_data); pgc_cfg_payload.c1_data = compat_ptr(pgc_cfg_payload_32.c1_data); pgc_cfg_payload.c2_data = compat_ptr(pgc_cfg_payload_32.c2_data); @@ -1470,6 +1474,7 @@ static int __from_user_hist_lut_data_v1_7( return -EFAULT; } + memset(&hist_lut_cfg_payload, 0, sizeof(hist_lut_cfg_payload)); hist_lut_cfg_payload.len = hist_lut_cfg_payload32.len; hist_lut_cfg_payload.data = compat_ptr(hist_lut_cfg_payload32.data); @@ -2024,6 +2029,7 @@ static int __from_user_pa_data_v1_7( return -EFAULT; } + memset(&pa_cfg_payload, 0, sizeof(pa_cfg_payload)); pa_cfg_payload.mode = pa_cfg_payload32.mode; pa_cfg_payload.global_hue_adj = pa_cfg_payload32.global_hue_adj; pa_cfg_payload.global_sat_adj = pa_cfg_payload32.global_sat_adj; @@ -2280,6 +2286,8 @@ static int __from_user_gamut_cfg_data_v17( pr_err("failed to copy the gamut payload from userspace\n"); return -EFAULT; } + + memset(&gamut_cfg_payload, 0, sizeof(gamut_cfg_payload)); gamut_cfg_payload.mode = gamut_cfg_payload32.mode; for (i = 0; i < MDP_GAMUT_TABLE_NUM_V1_7; i++) { gamut_cfg_payload.tbl_size[i] = -- cgit v1.1