Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-07-08 20:31:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
86c2d7a648
DivestOS/Patches/Linux_CVEs/CVE-2014-9780/0.patch

31 lines
1.0 KiB
Diff
Raw Blame History

From b5bb13e1f738f90df11e0c17f843c73999a84a54 Mon Sep 17 00:00:00 2001
From: Terence Hampson <thampson@codeaurora.org>
Date: Thu, 19 Sep 2013 10:53:18 -0400
Subject: mdss: mdp3: Validate input from userspace
Fully verify that the values from client are safe to use.
Change-Id: I73d6839f5bccd53b8bc2d812dc7673b13735299c
Signed-off-by: Terence Hampson <thampson@codeaurora.org>
---
drivers/video/msm/mdss/mdp3_ctrl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/video/msm/mdss/mdp3_ctrl.c b/drivers/video/msm/mdss/mdp3_ctrl.c
index ee51e92..1d6d437 100644
--- a/drivers/video/msm/mdss/mdp3_ctrl.c
+++ b/drivers/video/msm/mdss/mdp3_ctrl.c
@@ -1218,7 +1218,8 @@ static int mdp3_ctrl_lut_update(struct msm_fb_data_type *mfd,
if (!mdp3_session->dma->config_lut)
return -EINVAL;
- if (cmap->start + cmap->len > MDP_LUT_SIZE) {
+ if (cmap->start > MDP_LUT_SIZE || cmap->len > MDP_LUT_SIZE ||
+ (cmap->start + cmap->len > MDP_LUT_SIZE)) {
pr_err("mdp3_ctrl_lut_update invalid arguments\n");
return -EINVAL;
}
--
cgit v1.1
Reference in New Issue View Git Blame Copy Permalink