DivestOS/Patches/Linux_CVEs/CVE-2014-0976/ANY/0001.patch

From ee37138b8ceee6035c93756043eaac7eaa1c0948 Mon Sep 17 00:00:00 2001
From: Suman Mukherjee <sumam@codeaurora.org>
Date: Wed, 17 Dec 2014 10:00:49 +0530
Subject: msm: camera: ispif: Validate vfe_intf parameter

Validate vfe_intf parameter to avoid invalid register access.

Change-Id: Ie0b57071cc5fca1c48d3a5e2e7819f9af9ff544c
Signed-off-by: Suman Mukherjee <sumam@codeaurora.org>
---
 drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c b/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
index 8f99ff6..d044c1d 100755
--- a/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
+++ b/drivers/media/platform/msm/camera_v2/ispif/msm_ispif.c
@@ -60,8 +60,8 @@ static void msm_ispif_io_dump_reg(struct ispif_device *ispif)
 static inline int msm_ispif_is_intf_valid(uint32_t csid_version,
 	uint8_t intf_type)
 {
-	return (csid_version <= CSID_VERSION_V22 && intf_type != VFE0) ?
-		false : true;
+        return ((csid_version <= CSID_VERSION_V22 && intf_type != VFE0) ||
+                (intf_type >= VFE_MAX)) ? false : true;
 }
 
 static struct msm_cam_clk_info ispif_8626_reset_clk_info[] = {
-- 
cgit v1.1