
Commit 5ea7e88b authored by Rajakumar Govindaram's avatar Rajakumar Govindaram Committed by Vinay Kalia

msm: camera2: cpp: Fix out-of-scope pointer variable



The variable used for the compat ioctl has local scope.
This results in an invalid pointer access, which causes
random crashes.

Change-Id: I120b7cb6ced31d9e41555c4991cbf15b759c8a04
Signed-off-by: default avatarRajakumar Govindaram <rajakuma@codeaurora.org>
parent 1a608dd9
+1 −1
@@ -3556,6 +3556,7 @@ static long msm_cpp_subdev_fops_compat_ioctl(struct file *file,
	struct msm_cpp_stream_buff_info_t k_cpp_buff_info;
	struct msm_cpp_stream_buff_info_t k_cpp_buff_info;
	struct msm_cpp_frame_info32_t k32_frame_info;
	struct msm_cpp_frame_info32_t k32_frame_info;
	struct msm_cpp_frame_info_t k64_frame_info;
	struct msm_cpp_frame_info_t k64_frame_info;
	uint32_t identity_k = 0;
	void __user *up = (void __user *)arg;
	void __user *up = (void __user *)arg;


	if (sd == NULL) {
	if (sd == NULL) {
@@ -3724,7 +3725,6 @@ static long msm_cpp_subdev_fops_compat_ioctl(struct file *file,
		break;
		break;
	}
	}
	case VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO32: {
	case VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO32: {
		uint32_t identity_k = 0;
		uint32_t *identity_u = (uint32_t *)kp_ioctl.ioctl_ptr;
		uint32_t *identity_u = (uint32_t *)kp_ioctl.ioctl_ptr;


		get_user(identity_k, identity_u);
		get_user(identity_k, identity_u);
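Review bot: The return value of `get_user(identity_k, identity_u)` in the `VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO32` case is ignored, so a faulting user pointer leaves `identity_k` at its initial 0 and the ioctl appears to carry on with that value. Failing the call instead, e.g. `if (get_user(identity_k, identity_u)) return -EFAULT;`, would reject the bad pointer; the case body and the rest of the function continue outside the hunk, so confirm whether any cleanup is needed before returning. `identity_u` is also declared as a plain `uint32_t *` although it is handed to `get_user`; `uint32_t __user *identity_u = (uint32_t __user *)kp_ioctl.ioctl_ptr;` would let sparse check the access. Since the hoisted `identity_k` now looks like an ordinary function-level local, a short comment on its declaration saying it must outlive the switch (presumably because its address is stored in `kp_ioctl` and used later) would keep someone from moving it back into the case block.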