msm: camera: common: Fix kernel code and add checks
Fix Kernel code and add security checks to avoid possible out of bound array access variables. CRs-fixed: 3038735 Change-Id: Idaf0889026dbf138d0cb94a0f88e5b6941ff21e2 Signed-off-by: Jigar Agrawal <jigar@codeaurora.org>
Этот коммит содержится в:
Jigar Agrawal
@@ -1331,6 +1331,13 @@ static int __cam_isp_ctx_handle_buf_done_for_request_verify_addr(
|
|||||||
CAM_DBG(CAM_ISP, "Enter with bubble_state %d, req_bubble_detected %d",
|
CAM_DBG(CAM_ISP, "Enter with bubble_state %d, req_bubble_detected %d",
|
||||||
bubble_state, req_isp->bubble_detected);
|
bubble_state, req_isp->bubble_detected);
|
||||||
|
|
||||||
|
if (done->num_handles > CAM_NUM_OUT_PER_COMP_IRQ_MAX) {
|
||||||
|
CAM_ERR(CAM_ISP, "ctx: %u req: %llu num_handles: %u is more than %u",
|
||||||
|
ctx->ctx_id, req->request_id,
|
||||||
|
done->num_handles, CAM_NUM_OUT_PER_COMP_IRQ_MAX);
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
for (i = 0; i < done->num_handles; i++) {
|
for (i = 0; i < done->num_handles; i++) {
|
||||||
for (j = 0; j < req_isp->num_fence_map_out; j++) {
|
for (j = 0; j < req_isp->num_fence_map_out; j++) {
|
||||||
cmp_addr = cam_smmu_is_expanded_memory() ? CAM_36BIT_INTF_GET_IOVA_BASE(
|
cmp_addr = cam_smmu_is_expanded_memory() ? CAM_36BIT_INTF_GET_IOVA_BASE(
|
||||||
|
|||||||
Ссылка в новой задаче
Block a user