Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 05:35:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
86c2d7a648
DivestOS/Patches/Linux_CVEs/CVE-2017-8260/0.patch

83 lines
2.9 KiB
Diff
Raw Blame History

From 52a2a62a5b0e9dd917bcd9a6d86d674833cc91b7 Mon Sep 17 00:00:00 2001
From: Gaoxiang Chen <gaochen@codeaurora.org>
Date: Fri, 31 Mar 2017 14:28:33 +0800
Subject: msm: camera: don't cut to 8bits for validating enum variable
In msm_ispif_is_intf_valid(),
we convert a enum variable msm_ispif_vfe_intf,
to uint8_t type for validating.
This could cause potential issue,
if the value is crafted in such a way that lower 8bits pass the validation.
Don't use uint8_t as input parm to avoid such vulnerability.
CRs-Fixed: 2008469
Change-Id: I4ee400ac0edd830decfbe5712966d968976a268a
Signed-off-by: Gaoxiang Chen <gaochen@codeaurora.org>
---
drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c b/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
index 4e07d4d..8409a64 100644
--- a/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
+++ b/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
@@ -64,7 +64,7 @@ static void msm_ispif_io_dump_reg(struct ispif_device *ispif)
static inline int msm_ispif_is_intf_valid(uint32_t csid_version,
- uint8_t intf_type)
+ enum msm_ispif_vfe_intf intf_type)
{
return ((csid_version <= CSID_VERSION_V22 && intf_type != VFE0) ||
(intf_type >= VFE_MAX)) ? false : true;
@@ -347,7 +347,7 @@ static int msm_ispif_subdev_g_chip_ident(struct v4l2_subdev *sd,
}
static void msm_ispif_sel_csid_core(struct ispif_device *ispif,
- uint8_t intftype, uint8_t csid, uint8_t vfe_intf)
+ uint8_t intftype, uint8_t csid, enum msm_ispif_vfe_intf vfe_intf)
{
uint32_t data;
@@ -387,7 +387,7 @@ static void msm_ispif_sel_csid_core(struct ispif_device *ispif,
}
static void msm_ispif_enable_crop(struct ispif_device *ispif,
- uint8_t intftype, uint8_t vfe_intf, uint16_t start_pixel,
+ uint8_t intftype, enum msm_ispif_vfe_intf vfe_intf, uint16_t start_pixel,
uint16_t end_pixel)
{
uint32_t data;
@@ -419,7 +419,7 @@ static void msm_ispif_enable_crop(struct ispif_device *ispif,
}
static void msm_ispif_enable_intf_cids(struct ispif_device *ispif,
- uint8_t intftype, uint16_t cid_mask, uint8_t vfe_intf, uint8_t enable)
+ uint8_t intftype, uint16_t cid_mask, enum msm_ispif_vfe_intf vfe_intf, uint8_t enable)
{
uint32_t intf_addr, data;
@@ -461,7 +461,7 @@ static void msm_ispif_enable_intf_cids(struct ispif_device *ispif,
}
static int msm_ispif_validate_intf_status(struct ispif_device *ispif,
- uint8_t intftype, uint8_t vfe_intf)
+ uint8_t intftype, enum msm_ispif_vfe_intf vfe_intf)
{
int rc = 0;
uint32_t data = 0;
@@ -501,7 +501,7 @@ static int msm_ispif_validate_intf_status(struct ispif_device *ispif,
}
static void msm_ispif_select_clk_mux(struct ispif_device *ispif,
- uint8_t intftype, uint8_t csid, uint8_t vfe_intf)
+ uint8_t intftype, uint8_t csid, enum msm_ispif_vfe_intf vfe_intf)
{
uint32_t data = 0;
--
cgit v1.1
Reference in New Issue View Git Blame Copy Permalink