From 8f236391e5187c05f7f4b937856944be0af7aaa5 Mon Sep 17 00:00:00 2001 From: Junzhe Zou Date: Wed, 15 Mar 2017 15:06:04 -0700 Subject: msm: ispif: fix a bug in checking the validity of vfe intf Parse the whole length of vfe intf to the validate function to avoid the situation that the lower 8bits pass the validation while intf is crafted to a large value which can cause buffer overflow later. CRs-Fixed: 2008469 Change-Id: I0de19ec36d73918ab2f38eb7ba1f833c02a3face Signed-off-by: Junzhe Zou --- drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c b/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c index 03aa65d..ccc983f 100644 --- a/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c +++ b/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c @@ -87,7 +87,7 @@ static void msm_ispif_io_dump_reg(struct ispif_device *ispif) static inline int msm_ispif_is_intf_valid(uint32_t csid_version, - uint8_t intf_type) + enum msm_ispif_vfe_intf intf_type) { return ((csid_version <= CSID_VERSION_V22 && intf_type != VFE0) || (intf_type >= VFE_MAX)) ? false : true; -- cgit v1.1