msm: mdss: Fix possible integer overflow (3db0ebfa) · Commits · e / devices / android_kernel_xiaomi_markw

drivers/video/msm/mdss/mdp3_ppp.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -37,6 +37,7 @@
		#define MDP_PPP_MAX_BPP 4
		#define MDP_PPP_DYNAMIC_FACTOR 3
		#define MDP_PPP_MAX_READ_WRITE 3
		#define MDP_PPP_MAX_WIDTH 0xFFF
		#define ENABLE_SOLID_FILL 0x2
		#define DISABLE_SOLID_FILL 0x0
		#define BLEND_LATENCY 3
		@@ -147,6 +148,11 @@ int mdp3_ppp_get_img(struct mdp_img img, struct mdp_blit_req req,
		return -EINVAL;
		}

		if (img->width > MDP_PPP_MAX_WIDTH) {
		pr_err("%s incorrect width %d\n", __func__, img->width);
		return -EINVAL;
		}

		fb_data.flags = img->priv;
		fb_data.memory_id = img->memory_id;
		fb_data.offset = 0;