diff options
| author | Linux Build Service Account <lnxbuild@quicinc.com> | 2018-01-18 00:05:38 -0800 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2018-01-18 00:05:38 -0800 |
| commit | 1a98475dd43b366307f6fc1654a7a301d70a411c (patch) | |
| tree | daeab753e4d0ee02db748b9e18734ed5b5a5a357 | |
| parent | 38161bed321b2acd81460cdcc2e8d6c7fc0364ba (diff) | |
| parent | 4d4fccf24eb9330f3add471255cc55d4279da025 (diff) | |
Merge "msm: ais: sensor: actuator: avoid accessing out of bound memory"
| -rw-r--r-- | drivers/media/platform/msm/ais/sensor/actuator/msm_actuator.c | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/drivers/media/platform/msm/ais/sensor/actuator/msm_actuator.c b/drivers/media/platform/msm/ais/sensor/actuator/msm_actuator.c index f11c2652728a..260c1dc3e963 100644 --- a/drivers/media/platform/msm/ais/sensor/actuator/msm_actuator.c +++ b/drivers/media/platform/msm/ais/sensor/actuator/msm_actuator.c @@ -56,6 +56,10 @@ static int32_t msm_actuator_piezo_set_default_focus( struct msm_camera_i2c_reg_setting reg_setting; CDBG("Enter\n"); + if (a_ctrl->i2c_reg_tbl == NULL) { + pr_err("failed. i2c reg tabl is NULL"); + return -EFAULT; + } if (a_ctrl->curr_step_pos != 0) { a_ctrl->i2c_tbl_index = 0; @@ -539,6 +543,12 @@ static int32_t msm_actuator_piezo_move_focus( return -EFAULT; } + + if (a_ctrl->i2c_reg_tbl == NULL) { + pr_err("failed. i2c reg tabl is NULL"); + return -EFAULT; + } + if (dest_step_position > a_ctrl->total_steps) { pr_err("Step pos greater than total steps = %d\n", dest_step_position); @@ -596,6 +606,12 @@ static int32_t msm_actuator_move_focus( pr_err("Invalid direction = %d\n", dir); return -EFAULT; } + + if (a_ctrl->i2c_reg_tbl == NULL) { + pr_err("failed. i2c reg tabl is NULL"); + return -EFAULT; + } + if (dest_step_pos > a_ctrl->total_steps) { pr_err("Step pos greater than total steps = %d\n", dest_step_pos); @@ -1179,7 +1195,8 @@ static int32_t msm_actuator_set_position( } if (!a_ctrl || !a_ctrl->func_tbl || - !a_ctrl->func_tbl->actuator_parse_i2c_params) { + !a_ctrl->func_tbl->actuator_parse_i2c_params || + !a_ctrl->i2c_reg_tbl) { pr_err("failed. NULL actuator pointers."); return -EFAULT; } @@ -1291,7 +1308,6 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl, a_ctrl->region_size = set_info->af_tuning_params.region_size; a_ctrl->pwd_step = set_info->af_tuning_params.pwd_step; - a_ctrl->total_steps = set_info->af_tuning_params.total_steps; if (copy_from_user(&a_ctrl->region_params, (void __user *)set_info->af_tuning_params.region_params, @@ -1305,7 +1321,6 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl, cci_client->sid = set_info->actuator_params.i2c_addr >> 1; cci_client->retries = 3; - cci_client->id_map = 0; cci_client->cci_i2c_master = a_ctrl->cci_master; cci_client->i2c_freq_mode = set_info->actuator_params.i2c_freq_mode; @@ -1338,6 +1353,8 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl, return -ENOMEM; } + a_ctrl->total_steps = set_info->af_tuning_params.total_steps; + if (copy_from_user(&a_ctrl->reg_tbl, (void __user *)set_info->actuator_params.reg_tbl_params, a_ctrl->reg_tbl_size * |