mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 05:35:54 +00:00
46 lines
1.7 KiB
Diff
46 lines
1.7 KiB
Diff
From 8e6daae70422ad35146a87700e6634a747d1ff5d Mon Sep 17 00:00:00 2001
|
|
From: Hariram Purushothaman <hpurus@codeaurora.org>
|
|
Date: Tue, 16 Jul 2013 11:23:47 -0700
|
|
Subject: msm: camera: Bound check num_cid from userspace in csid driver
|
|
|
|
Upper and lower bound checks are enforced for num_cid
|
|
which is passed from userspace with lower as 1 and
|
|
max of 16.
|
|
|
|
Change-Id: Ic5456289cb2f2b4ea17610a7672eb2c5225b7954
|
|
Signed-off-by: Hariram Purushothaman <hpurus@codeaurora.org>
|
|
---
|
|
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c | 9 ++++++++-
|
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c b/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c
|
|
index 9aca234..229fdb2 100644
|
|
--- a/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c
|
|
+++ b/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c
|
|
@@ -440,7 +440,7 @@ static long msm_csid_cmd(struct csid_device *csid_dev, void *arg)
|
|
case CSID_CFG: {
|
|
struct msm_camera_csid_params csid_params;
|
|
struct msm_camera_csid_vc_cfg *vc_cfg = NULL;
|
|
- int32_t i = 0;
|
|
+ int8_t i = 0;
|
|
if (copy_from_user(&csid_params,
|
|
(void *)cdata->cfg.csid_params,
|
|
sizeof(struct msm_camera_csid_params))) {
|
|
@@ -448,6 +448,13 @@ static long msm_csid_cmd(struct csid_device *csid_dev, void *arg)
|
|
rc = -EFAULT;
|
|
break;
|
|
}
|
|
+ if (csid_params.lut_params.num_cid < 1 ||
|
|
+ csid_params.lut_params.num_cid > 16) {
|
|
+ pr_err("%s: %d num_cid outside range\n",
|
|
+ __func__, __LINE__);
|
|
+ rc = -EINVAL;
|
|
+ break;
|
|
+ }
|
|
for (i = 0; i < csid_params.lut_params.num_cid; i++) {
|
|
vc_cfg = kzalloc(csid_params.lut_params.num_cid *
|
|
sizeof(struct msm_camera_csid_vc_cfg),
|
|
--
|
|
cgit v1.1
|
|
|