Loading drivers/media/platform/msm/ais/cam_cdm/cam_cdm_virtual_core.c +1 −1 Original line number Diff line number Diff line Loading @@ -120,7 +120,7 @@ int cam_virtual_cdm_submit_bl(struct cam_hw_info *cdm_hw, (len >= cdm_cmd->cmd[i].offset)) { if ((len - cdm_cmd->cmd[i].offset) < if ((len - cdm_cmd->cmd[i].offset) <= cdm_cmd->cmd[i].len) { CAM_ERR(CAM_CDM, "Not enough buffer"); rc = -EINVAL; Loading drivers/media/platform/msm/ais/cam_isp/cam_isp_context.c +2 −1 Original line number Diff line number Diff line Loading @@ -147,7 +147,8 @@ static void cam_isp_ctx_dump_req(struct cam_isp_ctx_req *req_isp) } remain_len = len - req_isp->cfg[i].offset; if (req_isp->cfg[i].len > remain_len) { if ((req_isp->cfg[i].len > remain_len) || (req_isp->cfg[i].len == 0)) { CAM_ERR(CAM_ISP, "Invalid offset"); need_put = true; } Loading drivers/media/platform/msm/ais/cam_sensor_module/cam_actuator/cam_actuator_core.c +1 −0 Original line number Diff line number Diff line Loading @@ -523,6 +523,7 @@ int32_t cam_actuator_i2c_pkt_parse(struct cam_actuator_ctrl_t *a_ctrl, remain_len = len_of_buff - cmd_desc[i].offset; cmd_buf += cmd_desc[i].offset / sizeof(uint32_t); cmm_hdr = (struct common_header *)cmd_buf; remain_len -= sizeof(struct common_header); switch (cmm_hdr->cmd_type) { case CAMERA_SENSOR_CMD_TYPE_I2C_INFO: Loading drivers/media/platform/msm/ais/cam_utils/cam_packet_util.c +2 −1 Original line number Diff line number Diff line Loading @@ -131,7 +131,7 @@ int cam_packet_util_get_kmd_buffer(struct cam_packet *packet, remain_len = len; if (((size_t)cmd_desc->offset >= len) || ((size_t)cmd_desc->size > (len - (size_t)cmd_desc->offset))) { ((size_t)cmd_desc->size >= (len - (size_t)cmd_desc->offset))) { CAM_ERR(CAM_UTIL, "invalid memory len:%zd and cmd desc size:%d", len, cmd_desc->size); rc = -EINVAL; Loading @@ -147,6 +147,7 @@ int cam_packet_util_get_kmd_buffer(struct cam_packet *packet, } cpu_addr += (cmd_desc->offset / 4) + (packet->kmd_cmd_buf_offset / 4); remain_len -= packet->kmd_cmd_buf_offset; CAM_DBG(CAM_UTIL, "total size %d, cmd size: %d, KMD buffer size: %d", cmd_desc->size, cmd_desc->length, cmd_desc->size - cmd_desc->length); Loading Loading
drivers/media/platform/msm/ais/cam_cdm/cam_cdm_virtual_core.c +1 −1 Original line number Diff line number Diff line Loading @@ -120,7 +120,7 @@ int cam_virtual_cdm_submit_bl(struct cam_hw_info *cdm_hw, (len >= cdm_cmd->cmd[i].offset)) { if ((len - cdm_cmd->cmd[i].offset) < if ((len - cdm_cmd->cmd[i].offset) <= cdm_cmd->cmd[i].len) { CAM_ERR(CAM_CDM, "Not enough buffer"); rc = -EINVAL; Loading
drivers/media/platform/msm/ais/cam_isp/cam_isp_context.c +2 −1 Original line number Diff line number Diff line Loading @@ -147,7 +147,8 @@ static void cam_isp_ctx_dump_req(struct cam_isp_ctx_req *req_isp) } remain_len = len - req_isp->cfg[i].offset; if (req_isp->cfg[i].len > remain_len) { if ((req_isp->cfg[i].len > remain_len) || (req_isp->cfg[i].len == 0)) { CAM_ERR(CAM_ISP, "Invalid offset"); need_put = true; } Loading
drivers/media/platform/msm/ais/cam_sensor_module/cam_actuator/cam_actuator_core.c +1 −0 Original line number Diff line number Diff line Loading @@ -523,6 +523,7 @@ int32_t cam_actuator_i2c_pkt_parse(struct cam_actuator_ctrl_t *a_ctrl, remain_len = len_of_buff - cmd_desc[i].offset; cmd_buf += cmd_desc[i].offset / sizeof(uint32_t); cmm_hdr = (struct common_header *)cmd_buf; remain_len -= sizeof(struct common_header); switch (cmm_hdr->cmd_type) { case CAMERA_SENSOR_CMD_TYPE_I2C_INFO: Loading
drivers/media/platform/msm/ais/cam_utils/cam_packet_util.c +2 −1 Original line number Diff line number Diff line Loading @@ -131,7 +131,7 @@ int cam_packet_util_get_kmd_buffer(struct cam_packet *packet, remain_len = len; if (((size_t)cmd_desc->offset >= len) || ((size_t)cmd_desc->size > (len - (size_t)cmd_desc->offset))) { ((size_t)cmd_desc->size >= (len - (size_t)cmd_desc->offset))) { CAM_ERR(CAM_UTIL, "invalid memory len:%zd and cmd desc size:%d", len, cmd_desc->size); rc = -EINVAL; Loading @@ -147,6 +147,7 @@ int cam_packet_util_get_kmd_buffer(struct cam_packet *packet, } cpu_addr += (cmd_desc->offset / 4) + (packet->kmd_cmd_buf_offset / 4); remain_len -= packet->kmd_cmd_buf_offset; CAM_DBG(CAM_UTIL, "total size %d, cmd size: %d, KMD buffer size: %d", cmd_desc->size, cmd_desc->length, cmd_desc->size - cmd_desc->length); Loading
