mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
97 lines
3.5 KiB
Diff
97 lines
3.5 KiB
Diff
From 0ee6c6f748e840c266fe26ed3c89d6bd7e3c9d4e Mon Sep 17 00:00:00 2001
|
|
From: Rajesh Bondugula <rajeshb@codeaurora.org>
|
|
Date: Wed, 13 Apr 2016 14:31:58 -0700
|
|
Subject: msm: camera: sensor: Validate step_boundary
|
|
|
|
step_boundary can take values upto the total_steps
|
|
Validate the step_boundary before consuming it.
|
|
Convert the type of step_index and region_index to uint16_t
|
|
step_index and region_index cannot be negative.
|
|
|
|
CRs-Fixed: 1001092
|
|
Change-Id: I1f23fd6f28bb897824a1ef99a8873b9f986eee70
|
|
Signed-off-by: Rajesh Bondugula <rajeshb@codeaurora.org>
|
|
---
|
|
.../msm/camera_v2/sensor/actuator/msm_actuator.c | 35 ++++++++++++++++++----
|
|
1 file changed, 29 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c b/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c
|
|
index 7653b1b..b87e31e 100644
|
|
--- a/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c
|
|
+++ b/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c
|
|
@@ -853,7 +853,7 @@ static int32_t msm_actuator_bivcm_init_step_table(
|
|
{
|
|
int16_t code_per_step = 0;
|
|
int16_t cur_code = 0;
|
|
- int16_t step_index = 0, region_index = 0;
|
|
+ uint16_t step_index = 0, region_index = 0;
|
|
uint16_t step_boundary = 0;
|
|
uint32_t max_code_size = 1;
|
|
uint16_t data_size = set_info->actuator_params.data_size;
|
|
@@ -894,6 +894,15 @@ static int32_t msm_actuator_bivcm_init_step_table(
|
|
step_boundary =
|
|
a_ctrl->region_params[region_index].
|
|
step_bound[MOVE_NEAR];
|
|
+ if (step_boundary >
|
|
+ set_info->af_tuning_params.total_steps) {
|
|
+ pr_err("invalid step_boundary = %d, max_val = %d",
|
|
+ step_boundary,
|
|
+ set_info->af_tuning_params.total_steps);
|
|
+ kfree(a_ctrl->step_position_table);
|
|
+ a_ctrl->step_position_table = NULL;
|
|
+ return -EINVAL;
|
|
+ }
|
|
qvalue = a_ctrl->region_params[region_index].qvalue;
|
|
for (; step_index <= step_boundary;
|
|
step_index++) {
|
|
@@ -929,20 +938,25 @@ static int32_t msm_actuator_init_step_table(struct msm_actuator_ctrl_t *a_ctrl,
|
|
int16_t code_per_step = 0;
|
|
uint32_t qvalue = 0;
|
|
int16_t cur_code = 0;
|
|
- int16_t step_index = 0, region_index = 0;
|
|
+ uint16_t step_index = 0, region_index = 0;
|
|
uint16_t step_boundary = 0;
|
|
uint32_t max_code_size = 1;
|
|
uint16_t data_size = set_info->actuator_params.data_size;
|
|
CDBG("Enter\n");
|
|
|
|
+ /* validate the actuator state */
|
|
+ if (a_ctrl->actuator_state != ACT_OPS_ACTIVE) {
|
|
+ pr_err("%s:%d invalid actuator_state %d\n"
|
|
+ , __func__, __LINE__, a_ctrl->actuator_state);
|
|
+ return -EINVAL;
|
|
+ }
|
|
for (; data_size > 0; data_size--)
|
|
max_code_size *= 2;
|
|
|
|
a_ctrl->max_code_size = max_code_size;
|
|
- if ((a_ctrl->actuator_state == ACT_OPS_ACTIVE) &&
|
|
- (a_ctrl->step_position_table != NULL)) {
|
|
- kfree(a_ctrl->step_position_table);
|
|
- }
|
|
+
|
|
+ /* free the step_position_table to allocate a new one */
|
|
+ kfree(a_ctrl->step_position_table);
|
|
a_ctrl->step_position_table = NULL;
|
|
|
|
if (set_info->af_tuning_params.total_steps
|
|
@@ -971,6 +985,15 @@ static int32_t msm_actuator_init_step_table(struct msm_actuator_ctrl_t *a_ctrl,
|
|
step_boundary =
|
|
a_ctrl->region_params[region_index].
|
|
step_bound[MOVE_NEAR];
|
|
+ if (step_boundary >
|
|
+ set_info->af_tuning_params.total_steps) {
|
|
+ pr_err("invalid step_boundary = %d, max_val = %d",
|
|
+ step_boundary,
|
|
+ set_info->af_tuning_params.total_steps);
|
|
+ kfree(a_ctrl->step_position_table);
|
|
+ a_ctrl->step_position_table = NULL;
|
|
+ return -EINVAL;
|
|
+ }
|
|
for (; step_index <= step_boundary;
|
|
step_index++) {
|
|
if (qvalue > 1 && qvalue <= MAX_QVALUE)
|
|
--
|
|
cgit v1.1
|
|
|