From 89e0fbac4c2b6c93c799720e71b4b3bed99ddd3e Mon Sep 17 00:00:00 2001 From: Suman Mukherjee <sumam@codeaurora.org> Date: Tue, 9 Dec 2014 13:25:36 +0530 Subject: [PATCH] msm: camera: add check for csid_cid to prevent of overwrite memory add sanity check for csid cid to ensute that we never read or write outside csid_dev->mem buffer Bug: 19134929 Change-Id: Ic8f0d689fa176720ae3a3316f2ad27556ae7bde5 Signed-off-by: Suman Mukherjee <sumam@codeaurora.org> Signed-off-by: Patrick Tjin <pattjin@google.com> --- .../media/platform/msm/camera_v2/sensor/csid/msm_csid.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c b/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c index 78136d32da84..04068c2f62c9 100644 --- a/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c +++ b/drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c @@ -48,6 +48,13 @@ static int msm_csid_cid_lut( return -EINVAL; } for (i = 0; i < csid_lut_params->num_cid && i < 16; i++) { + if (csid_lut_params->vc_cfg[i]->cid >= + csid_lut_params->num_cid || + csid_lut_params->vc_cfg[i]->cid < 0) { + pr_err("%s: cid outside range %d\n", + __func__, csid_lut_params->vc_cfg[i]->cid); + return -EINVAL; + } CDBG("%s lut params num_cid = %d, cid = %d, dt = %x, df = %d\n", __func__, csid_lut_params->num_cid, -- GitLab