| commit | 084e2c833b394735481a1ce70749aaef1203fd0f | [log] [tgz] |
|---|---|---|
| author | Trilokesh Rangam <tranga@codeaurora.org> | Tue Mar 21 11:10:33 2017 +0800 |
| committer | Teemu Hukkanen <teemu@fairphone.com> | Sun Apr 23 20:12:44 2017 +0200 |
| tree | e0a6cacd311efcee49a1848a869667cb3b543c95 | |
| parent | dca24154a6d562c10c6864545d0c27cdd615e7e5 [diff] |
FPII-2954 :Elevation of privilege vulnerability in Qualcomm video driver CVE-2016-10233: Apply QC-CR#897452 msm-camera: Addressing possible overflow conditions Changes to address possible integer overflow and incorrect array indexing conditions. Change-Id: I51355793cfe3111dd2120839c3ed97681d68dbcb
diff --git a/drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_io_util.c b/drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_io_util.c index 403bfff..7c65645 100644 --- a/drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_io_util.c +++ b/drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_io_util.c
@@ -251,6 +251,12 @@ pr_err("%s:%d vreg sequence invalid\n", __func__, __LINE__); return -EINVAL; } + + if (cam_vreg == NULL) { + pr_err("%s:%d cam_vreg sequence invalid\n", __func__, __LINE__); + return -EINVAL; + } + if (!num_vreg_seq) num_vreg_seq = num_vreg;