msm: ais: sensor: actuator: avoid accessing out of bound memory (41dc3d95) · Commits · e / devices / android_kernel_xiaomi_markw

drivers/media/platform/msm/ais/sensor/actuator/msm_actuator.c

+9 −1

Original line number	Diff line number	Diff line
		@@ -98,6 +98,11 @@ static void msm_actuator_parse_i2c_params(struct msm_actuator_ctrl_t *a_ctrl,
		return;
		}

		if (a_ctrl->i2c_reg_tbl == NULL) {
		pr_err("failed. i2c reg tabl is NULL");
		return;
		}

		size = a_ctrl->reg_tbl_size;
		write_arr = a_ctrl->reg_tbl;
		i2c_tbl = a_ctrl->i2c_reg_tbl;
		@@ -1290,8 +1295,11 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl,

		if (copy_from_user(&a_ctrl->region_params,
		(void *)set_info->af_tuning_params.region_params,
		a_ctrl->region_size * sizeof(struct region_params_t)))
		a_ctrl->region_size * sizeof(struct region_params_t))) {
		a_ctrl->total_steps = 0;
		pr_err("Error copying region_params\n");
		return -EFAULT;
		}

		if (a_ctrl->act_device_type == MSM_CAMERA_PLATFORM_DEVICE) {
		cci_client = a_ctrl->i2c_client.cci_client;