diff options
| author | Haibin Liu <haibinl@codeaurora.org> | 2019-04-30 14:16:47 +0800 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2019-07-08 19:09:41 -0700 |
| commit | 1656e2e44ddae9abd52419113d9ab5eb5a10cbc3 (patch) | |
| tree | 32762292defff3ce63cc7b6210a5134e99624d58 | |
| parent | a19883a728162e7e4b66e2810d1892a84841f26c (diff) | |
msm: sensor: actuator: fix out of bound read for bivcm region params
The region index for bivcm is not validated against the region size.
This causes out-of-bound read on the KASAN kernel.
Add restriction that region index smaller than region size.
CRs-Fixed: 2379514
Change-Id: I72c4a41a4b41c8fa70c174ffd3215a81eaa14355
Signed-off-by: Haibin Liu <haibinl@codeaurora.org>
| -rw-r--r-- | drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c b/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c index 6d60aabae6a5..c80f8159220d 100644 --- a/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c +++ b/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2018, The Linux Foundation. All rights reserved. +/* Copyright (c) 2011-2019, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -768,6 +768,9 @@ static int32_t msm_actuator_bivcm_move_focus( a_ctrl->curr_step_pos, dest_step_pos, curr_lens_pos); while (a_ctrl->curr_step_pos != dest_step_pos) { + if (a_ctrl->curr_region_index >= a_ctrl->region_size) + break; + step_boundary = a_ctrl->region_params[a_ctrl->curr_region_index]. step_bound[dir]; |