Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d91809f2 authored by VijayaKumar T M's avatar VijayaKumar T M
Browse files

msm: sensor: actuator: add null pointer check for i2c array 



Issue:
i2c_reg_tbl may be null under error condition when set param.
then, other actuator function still may use the i2c_reg_tbl as null.
Fix:
1) the assignment total_steps follow on kmalloc buffer.
2) Add NULL pointer check for i2c tbl.

CRs-Fixed: 2152401
Change-Id: Ieec3d88e6dae0177787da0906f53d59ac4f5a624
Signed-off-by: default avatarHaibin Liu <haibinl@codeaurora.org>
Signed-off-by: default avatarVijayaKumar T M <vtmuni@codeaurora.org>
parent 7de48d1f

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c

+22 −4
Original line number Diff line number Diff line
@@ -57,6 +57,11 @@ static int32_t msm_actuator_piezo_set_default_focus( 


	CDBG("Enter\n");



	if (a_ctrl->i2c_reg_tbl == NULL) {

		pr_err("failed. i2c reg table is NULL");

		return -EFAULT;

	}



	if (a_ctrl->curr_step_pos != 0) {

		a_ctrl->i2c_tbl_index = 0;

		a_ctrl->func_tbl->actuator_parse_i2c_params(a_ctrl,
@@ -99,7 +104,7 @@ static void msm_actuator_parse_i2c_params(struct msm_actuator_ctrl_t *a_ctrl, 
	}



	if (a_ctrl->i2c_reg_tbl == NULL) {

		pr_err("failed. i2c reg tabl is NULL");

		pr_err("failed. i2c reg table is NULL");

		return;

	}
@@ -526,6 +531,11 @@ static int32_t msm_actuator_piezo_move_focus( 


	CDBG("Enter\n");



	if (a_ctrl->i2c_reg_tbl == NULL) {

		pr_err("failed. i2c reg table is NULL");

		return -EFAULT;

	}



	if (copy_from_user(&ringing_params_kernel,

		&(move_params->ringing_params[0]),

		sizeof(struct damping_params_t))) {
@@ -599,6 +609,10 @@ static int32_t msm_actuator_move_focus( 
		pr_err("Invalid direction = %d\n", dir);

		return -EFAULT;

	}

	if (a_ctrl->i2c_reg_tbl == NULL) {

		pr_err("failed. i2c reg table is NULL");

		return -EFAULT;

	}

	if (dest_step_pos > a_ctrl->total_steps) {

		pr_err("Step pos greater than total steps = %d\n",

		dest_step_pos);
@@ -719,6 +733,10 @@ static int32_t msm_actuator_bivcm_move_focus( 
		pr_err("Invalid direction = %d\n", dir);

		return -EFAULT;

	}

	if (a_ctrl->i2c_reg_tbl == NULL) {

		pr_err("failed. i2c reg table is NULL");

		return -EFAULT;

	}

	if (dest_step_pos > a_ctrl->total_steps) {

		pr_err("Step pos greater than total steps = %d\n",

		dest_step_pos);
@@ -1182,7 +1200,8 @@ static int32_t msm_actuator_set_position( 
	}



	if (!a_ctrl || !a_ctrl->func_tbl ||

		!a_ctrl->func_tbl->actuator_parse_i2c_params) {

		!a_ctrl->func_tbl->actuator_parse_i2c_params ||

		!a_ctrl->i2c_reg_tbl) {

		pr_err("failed. NULL actuator pointers.");

		return -EFAULT;

	}
@@ -1294,12 +1313,10 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl, 


	a_ctrl->region_size = set_info->af_tuning_params.region_size;

	a_ctrl->pwd_step = set_info->af_tuning_params.pwd_step;

	a_ctrl->total_steps = set_info->af_tuning_params.total_steps;



	if (copy_from_user(&a_ctrl->region_params,

		(void __user *)set_info->af_tuning_params.region_params,

		a_ctrl->region_size * sizeof(struct region_params_t))) {

		a_ctrl->total_steps = 0;

		pr_err("Error copying region_params\n");

		return -EFAULT;

	}
@@ -1341,6 +1358,7 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl, 
		return -ENOMEM;

	}



	a_ctrl->total_steps = set_info->af_tuning_params.total_steps;

	if (copy_from_user(&a_ctrl->reg_tbl,

		(void __user *)set_info->actuator_params.reg_tbl_params,

		a_ctrl->reg_tbl_size *