Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f27478d6 authored by Manish Poddar's avatar Manish Poddar Committed by TARKZiM
Browse files

msm: Camera buffer overflow fix 



find_first_zero bit is considering addr parameter as unsigned
long and we are passing int variable.In the function it access
addr[i], so it tries to access 8 bytes , actual size of
open_idx and stream_id are 4 bytes.we change open_idx and
stream_id to long to fix it.

Change-Id: I510059cc8f495957bd2b5af9973b3495761edd06
Signed-off-by: default avatarManish Poddar <mpoddar@codeaurora.org>
parent f769fe92

drivers/media/platform/msm/camera_v2/camera/camera.c

+2 −2
Original line number Diff line number Diff line
@@ -476,7 +476,7 @@ static int camera_v4l2_fh_open(struct file *filep) 
{

	struct msm_video_device *pvdev = video_drvdata(filep);

	struct camera_v4l2_private *sp;

	unsigned int stream_id;

	unsigned long stream_id;



	sp = kzalloc(sizeof(*sp), GFP_KERNEL);

	if (!sp) {
@@ -551,7 +551,7 @@ static int camera_v4l2_open(struct file *filep) 
	int rc = 0;

	struct v4l2_event event;

	struct msm_video_device *pvdev = video_drvdata(filep);

	unsigned int opn_idx, idx;

	unsigned long opn_idx, idx;

	BUG_ON(!pvdev);



	rc = camera_v4l2_fh_open(filep);