msm: camera: sensor: Add boundary check for cci master (a5f07894) · Commits · e / devices / android_kernel_sony_msm8998

drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c

+13 −5

Original line number	Diff line number	Diff line
		@@ -776,10 +776,18 @@ static int32_t msm_cci_i2c_read(struct v4l2_subdev *sd,
		enum cci_i2c_queue_t queue = QUEUE_1;
		struct cci_device *cci_dev = NULL;
		struct msm_camera_cci_i2c_read_cfg *read_cfg = NULL;

		CDBG("%s line %d\n", __func__, __LINE__);
		cci_dev = v4l2_get_subdevdata(sd);
		master = c_ctrl->cci_info->cci_i2c_master;
		read_cfg = &c_ctrl->cfg.cci_i2c_read_cfg;

		if (master >= MASTER_MAX \|\| master < 0) {
		pr_err("%s:%d Invalid I2C master %d\n",
		__func__, __LINE__, master);
		return -EINVAL;
		}

		mutex_lock(&cci_dev->cci_master_info[master].mutex_q[queue]);

		/* Set the I2C Frequency */
		@@ -1004,11 +1012,6 @@ static int32_t msm_cci_i2c_write(struct v4l2_subdev *sd,
		enum cci_i2c_master_t master;

		cci_dev = v4l2_get_subdevdata(sd);
		if (c_ctrl->cci_info->cci_i2c_master >= MASTER_MAX
		\|\| c_ctrl->cci_info->cci_i2c_master < 0) {
		pr_err("%s:%d Invalid I2C master addr\n", __func__, __LINE__);
		return -EINVAL;
		}
		if (cci_dev->cci_state != CCI_STATE_ENABLED) {
		pr_err("%s invalid cci state %d\n",
		__func__, cci_dev->cci_state);
		@@ -1539,6 +1542,11 @@ static int32_t msm_cci_write(struct v4l2_subdev *sd,
		return rc;
		}

		if (c_ctrl->cci_info->cci_i2c_master >= MASTER_MAX
		\|\| c_ctrl->cci_info->cci_i2c_master < 0) {
		pr_err("%s:%d Invalid I2C master addr\n", __func__, __LINE__);
		return -EINVAL;
		}
		master = c_ctrl->cci_info->cci_i2c_master;
		cci_master_info = &cci_dev->cci_master_info[master];