
Commit 722b9dea authored by Vikash Garodia

msm: vidc: Fix out of bound array access



With loop counter being declared as unsigned, it happens
to be that when none of the loop exit criteria is met,
the counter gets updated with a very high positive
value corresponding to unsigned -1. Due to this the
loop runs through and invalid memory is accessed. This
leads to unhandled page faults.
Declaring the loop counter as signed ensures that the
loop does not run beyond the intended iterations.

Change-Id: Ibe7b420f25fc2a6859655c76df8332663b903473
Signed-off-by: Vikash Garodia <vgarodia@codeaurora.org>
parent 7427cd00
+2 −1
@@ -34,7 +34,8 @@ int msm_vidc_table_get_target_freq(struct devfreq *dev, unsigned long *freq,
	struct msm_vidc_gov_data *vidc_data = NULL;
	struct msm_vidc_bus_table_gov *gov = NULL;
	enum vidc_vote_data_session sess_type = 0;
	u32 load = 0, i = 0, j = 0;
	u32 load = 0, i = 0;
	int j = 0;

	if (!dev || !freq || !flag) {
		dprintk(VIDC_ERR, "%s: Invalid params %p, %p, %p\n",
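
Review bot: `int j = 0;` only prevents the wrap if every loop condition that tests j compares it against a signed value. The declaration sits next to `u32 load = 0, i = 0;`, and the loop itself is not visible in this hunk; if it compares j with a u32 (for example a table size), the usual arithmetic conversions turn j back into an unsigned value and -1 again becomes a very large index. Please confirm that the exit test is of the form `j >= 0` with no unsigned operand, that j is checked for a negative value before it is used as an array index after the loop, and add a one-line comment on the declaration saying j is signed because it can reach -1 when no exit criterion matches.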