msm: camera: ife: Add ife num outport bound checks (45dbb6c0) · Commits · e / devices / android_kernel_fairphone_FP5

drivers/cam_isp/isp_hw_mgr/hw_utils/cam_isp_packet_parser.c

+6 −8

Original line number	Diff line number	Diff line
		@@ -124,6 +124,12 @@ static int cam_isp_update_dual_config(
		cpu_addr += (cmd_desc->offset / 4);
		dual_config = (struct cam_isp_dual_config *)cpu_addr;

		if (dual_config->num_ports > size_isp_out) {
		CAM_ERR(CAM_ISP, "num_ports %d more than max_vfe_out_res %d",
		dual_config->num_ports, size_isp_out);
		return -EINVAL;
		}

		if ((dual_config->num_ports *
		sizeof(struct cam_isp_dual_stripe_config)) >
		(remain_len - offsetof(struct cam_isp_dual_config, stripes))) {
		@@ -132,14 +138,6 @@ static int cam_isp_update_dual_config(
		}
		for (i = 0; i < dual_config->num_ports; i++) {

		if (i >= CAM_ISP_IFE_OUT_RES_BASE + size_isp_out) {
		CAM_ERR(CAM_ISP,
		"failed update for i:%d > size_isp_out:%d",
		i, size_isp_out);
		rc = -EINVAL;
		goto end;
		}

		hw_mgr_res = &res_list_isp_out[i];
		if (!hw_mgr_res) {
		CAM_ERR(CAM_ISP,