DivestOS/Patches/Linux_CVEs/CVE-2014-0975/ANY/0001.patch
2017-11-07 17:32:46 -05:00


From 832666bda9606623c3cff5b14873553f82ec1281 Mon Sep 17 00:00:00 2001
From: Suman Mukherjee <sumam@codeaurora.org>
Date: Tue, 9 Dec 2014 13:25:36 +0530
Subject: msm: camera: add check for csid_cid to prevent of overwrite memory
add sanity check for csid cid to ensure that we never read or write
outside csid_dev->mem buffer
Change-Id: Ic8f0d689fa176720ae3a3316f2ad27556ae7bde5
Signed-off-by: Suman Mukherjee <sumam@codeaurora.org>
---
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c b/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c
index 3596a12..53a5ed3 100644
--- a/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c
+++ b/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c
@@ -50,6 +50,13 @@ static int msm_csid_cid_lut(
return -EINVAL;
}
for (i = 0; i < csid_lut_params->num_cid && i < 16; i++) {
+ if (csid_lut_params->vc_cfg[i]->cid >=
+ csid_lut_params->num_cid ||
+ csid_lut_params->vc_cfg[i]->cid < 0) {
+ pr_err("%s: cid outside range %d\n",
+ __func__, csid_lut_params->vc_cfg[i]->cid);
+ return -EINVAL;
+ }
CDBG("%s lut params num_cid = %d, cid = %d, dt = %x, df = %d\n",
__func__,
csid_lut_params->num_cid,
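Review bot: The new upper bound on `cid` is `csid_lut_params->num_cid`, which comes from the same parameter block being validated, so it only constrains `cid` if `num_cid` is itself bounded. The loop condition `i < csid_lut_params->num_cid && i < 16` suggests `num_cid` can exceed 16 at this point, in which case a large `num_cid` lets an equally large `cid` through. If 16 is the table size that clamp implies, compare against the fixed limit instead, e.g. `csid_lut_params->vc_cfg[i]->cid >= 16`, or reject `num_cid > 16` before the loop, and give the 16 a named constant. `vc_cfg[i]` is also dereferenced in the added check with no NULL test visible in the hunk. The body of msm_csid_cid_lut starts before and continues past this hunk, so validation may exist that is not visible here.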
--
cgit v1.1