mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-11 00:44:23 -05:00
36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
From 17bfaf64ad503d2e6607d2d3e0956f25bf07eb43 Mon Sep 17 00:00:00 2001
|
|
From: "Pachika, Vikas Reddy" <vpachi@codeaurora.org>
|
|
Date: Tue, 5 Nov 2013 12:48:36 +0530
|
|
Subject: msm: vidc: Validate userspace buffer count before using it
|
|
|
|
Validate the number of buffers count variable before
|
|
using it to avoid structure overflow error.
|
|
|
|
Change-Id: I61582c93e0f26ec6842e437134fb8a42bdbc36ff
|
|
CRs-fixed: 563654
|
|
Signed-off-by: Pachika, Vikas Reddy <vpachi@codeaurora.org>
|
|
---
|
|
drivers/video/msm/vidc/common/dec/vdec.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/drivers/video/msm/vidc/common/dec/vdec.c b/drivers/video/msm/vidc/common/dec/vdec.c
|
|
index a843889..83adec6 100644
|
|
--- a/drivers/video/msm/vidc/common/dec/vdec.c
|
|
+++ b/drivers/video/msm/vidc/common/dec/vdec.c
|
|
@@ -948,6 +948,12 @@ static u32 vid_dec_set_meta_buffers(struct video_client_ctx *client_ctx,
|
|
vcd_meta_buffer->offset = meta_buffers->offset;
|
|
vcd_meta_buffer->pmem_fd_iommu = meta_buffers->pmem_fd_iommu;
|
|
|
|
+ if (meta_buffers->count > MAX_META_BUFFERS) {
|
|
+ ERR("meta buffers maximum count reached, count = %d",
|
|
+ meta_buffers->count);
|
|
+ return false;
|
|
+ }
|
|
+
|
|
if (!vcd_get_ion_status()) {
|
|
if (get_pmem_file(vcd_meta_buffer->pmem_fd,
|
|
(unsigned long *) (&(vcd_meta_buffer->
|
|
--
|
|
cgit v1.1
|
|
|