mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
40 lines
1.3 KiB
Diff
40 lines
1.3 KiB
Diff
From 7beb04ea945a7178e61d935918d3cb152996b558 Mon Sep 17 00:00:00 2001
|
|
From: Alok Kediya <kediya@codeaurora.org>
|
|
Date: Mon, 9 Dec 2013 10:52:49 +0530
|
|
Subject: msm: camera: Added bounds check for index parameter
|
|
|
|
Bound check the index param from user space to avoid
|
|
any invalid memory access.
|
|
|
|
CRs-Fixed: 583366
|
|
|
|
Change-Id: I0f887bb8f1fa5a69a55e23dbb522b3bb694ad27f
|
|
Signed-off-by: Alok Kediya <kediya@codeaurora.org>
|
|
---
|
|
drivers/media/video/msm/server/msm_cam_server.c | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/drivers/media/video/msm/server/msm_cam_server.c b/drivers/media/video/msm/server/msm_cam_server.c
|
|
index 5fc8e83..6e49082 100644
|
|
--- a/drivers/media/video/msm/server/msm_cam_server.c
|
|
+++ b/drivers/media/video/msm/server/msm_cam_server.c
|
|
@@ -1390,6 +1390,15 @@ static long msm_ioctl_server(struct file *file, void *fh,
|
|
}
|
|
|
|
mutex_lock(&g_server_dev.server_queue_lock);
|
|
+
|
|
+ if(u_isp_event.isp_data.ctrl.queue_idx < 0 ||
|
|
+ u_isp_event.isp_data.ctrl.queue_idx >= MAX_NUM_ACTIVE_CAMERA) {
|
|
+ pr_err("%s: Invalid index %d\n", __func__,
|
|
+ u_isp_event.isp_data.ctrl.queue_idx);
|
|
+ rc = -EINVAL;
|
|
+ return rc;
|
|
+ }
|
|
+
|
|
if (!g_server_dev.server_queue
|
|
[u_isp_event.isp_data.ctrl.queue_idx].queue_active) {
|
|
pr_err("%s: Invalid queue\n", __func__);
|
|
--
|
|
cgit v1.1
|
|
|