Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / cac6a85fdd8a138254e697c5a94a7cfa13498e86
commitcac6a85fdd8a138254e697c5a94a7cfa13498e86[log] [tgz]
authorNishant Pandit <npandit@codeaurora.org>Wed Jun 19 07:14:02 2013 +0530
committerNishant Pandit <npandit@codeaurora.org>Tue Jul 02 22:49:32 2013 +0530
tree74e0601aa5db86dde119ef35ec36741c0bfb873a
parent83322fe198bb3c48fb6e8c327777cf0c6f06d59b [diff]
msm: camera: Add fix to avoid array index out of bound in cpp

  The parameter for number of buffers passed from user space
may be very large. While allocating memory, this could result
in integer overflow. As a result lesser memory will be allocated
then expected. This inturn may result in array index out of bound
error when the pointer is used to access memory.

  The fix is to limit the maximum requested buffers per stream. If
request is greater than the maximum value, error is returned back
to user space.

CRs-Fixed: 489273
Change-Id: I3d316f439610609cd36615eea3e68d0e8a0be0d7
Signed-off-by: Nishant Pandit <npandit@codeaurora.org>
(cherry picked from commit b7126cdd15b764bad8fe9fafe3dbd6ee3e8d44ec)
2 files changed
tree: 74e0601aa5db86dde119ef35ec36741c0bfb873a
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS