Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
11c7037780
DivestOS/Patches/Linux_CVEs/CVE-2013-4738/ANY/0002.patch
Tad 11c7037780 Switch to new CVE patchset
2017-11-07 17:32:46 -05:00

34 lines
1.2 KiB
Diff
Raw Blame History

From 28385b9c3054c91dca1aa194ffa750550c50f3ce Mon Sep 17 00:00:00 2001
From: Seemanta Dutta <seemanta@codeaurora.org>
Date: Fri, 26 Jul 2013 13:39:05 -0700
Subject: msm: camera: Add lower and upper bounds check in msm_cpp.c ioctl()
Add a check for upper and lower bounds in msm_cpp_subdev_ioctl() for
command code VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO.
CRs-fixed: 518731
Change-Id: I72996e13b7370a3b49f645297c52a118775b2b12
Signed-off-by: Seemanta Dutta <seemanta@codeaurora.org>
---
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c b/drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c
index 822c0c8..8c8570d 100644
--- a/drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c
+++ b/drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c
@@ -1536,6 +1536,10 @@ long msm_cpp_subdev_ioctl(struct v4l2_subdev *sd,
uint32_t identity;
struct msm_cpp_buff_queue_info_t *buff_queue_info;
+ if ((ioctl_ptr->len == 0) ||
+ (ioctl_ptr->len > sizeof(uint32_t)))
+ return -EINVAL;
+
rc = (copy_from_user(&identity,
(void __user *)ioctl_ptr->ioctl_ptr,
ioctl_ptr->len) ? -EFAULT : 0);
--
cgit v1.1
Reference in New Issue View Git Blame Copy Permalink