Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4a99ab9b authored by Sachin Bhayare's avatar Sachin Bhayare Committed by Gerrit - the friendly Code Review server
Browse files

msm: mdss: Fix possible integer overflow 



Avoid possible integer overflow while validating mdp3 image
parameters.

Change-Id: Ifd972134a23f653cf38134510d98dec5a604d2bc
CRs-Fixed: 1107055
Signed-off-by: default avatarSachin Bhayare <sachin.bhayare@codeaurora.org>
parent de207d8f

drivers/video/fbdev/msm/mdp3_ppp.c

+7 −0
Original line number Diff line number Diff line 
/* Copyright (c) 2007, 2013-2014, 2016, The Linux Foundation. All rights reserved.

 * Copyright (c) 2017, The Linux Foundation. All rights reserved.

 * Copyright (C) 2007 Google Incorporated

 *

 * This software is licensed under the terms of the GNU General Public
@@ -39,6 +40,7 @@ 
#define MDP_PPP_MAX_BPP 4

#define MDP_PPP_DYNAMIC_FACTOR 3

#define MDP_PPP_MAX_READ_WRITE 3

#define MDP_PPP_MAX_WIDTH	0xFFF

#define ENABLE_SOLID_FILL	0x2

#define DISABLE_SOLID_FILL	0x0

#define BLEND_LATENCY		3
@@ -152,6 +154,11 @@ int mdp3_ppp_get_img(struct mdp_img *img, struct mdp_blit_req *req, 
		return -EINVAL;

	}



	if (img->width > MDP_PPP_MAX_WIDTH) {

		pr_err("%s incorrect width %d\n", __func__, img->width);

		return -EINVAL;

	}



	fb_data.flags = img->priv;

	fb_data.memory_id = img->memory_id;

	fb_data.offset = 0;