mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
33 lines
1.2 KiB
Diff
33 lines
1.2 KiB
Diff
From 8f236391e5187c05f7f4b937856944be0af7aaa5 Mon Sep 17 00:00:00 2001
|
|
From: Junzhe Zou <jnzhezou@codeaurora.org>
|
|
Date: Wed, 15 Mar 2017 15:06:04 -0700
|
|
Subject: msm: ispif: fix a bug in checking the validity of vfe intf
|
|
|
|
Parse the whole length of vfe intf to the validate function to avoid
|
|
the situation that the lower 8bits pass the validation while intf is
|
|
crafted to a large value which can cause buffer overflow later.
|
|
|
|
CRs-Fixed: 2008469
|
|
Change-Id: I0de19ec36d73918ab2f38eb7ba1f833c02a3face
|
|
Signed-off-by: Junzhe Zou <jnzhezou@codeaurora.org>
|
|
---
|
|
drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c b/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
|
|
index 03aa65d..ccc983f 100644
|
|
--- a/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
|
|
+++ b/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
|
|
@@ -87,7 +87,7 @@ static void msm_ispif_io_dump_reg(struct ispif_device *ispif)
|
|
|
|
|
|
static inline int msm_ispif_is_intf_valid(uint32_t csid_version,
|
|
- uint8_t intf_type)
|
|
+ enum msm_ispif_vfe_intf intf_type)
|
|
{
|
|
return ((csid_version <= CSID_VERSION_V22 && intf_type != VFE0) ||
|
|
(intf_type >= VFE_MAX)) ? false : true;
|
|
--
|
|
cgit v1.1
|
|
|