Loading drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c +8 −1 Original line number Diff line number Diff line Loading @@ -2376,7 +2376,7 @@ static int msm_cpp_cfg_frame(struct cpp_device *cpp_dev, struct msm_buf_mngr_info buff_mgr_info, dup_buff_mgr_info; int32_t in_fd; int32_t num_output_bufs = 1; int32_t stripe_base = 0; uint32_t stripe_base = 0; uint32_t stripe_size; uint8_t tnr_enabled; enum msm_camera_buf_mngr_buf_type buf_type = Loading Loading @@ -2411,6 +2411,13 @@ static int msm_cpp_cfg_frame(struct cpp_device *cpp_dev, return -EINVAL; } if (stripe_base == UINT_MAX || new_frame->num_strips > (UINT_MAX - 1 - stripe_base) / stripe_size) { pr_err("Invalid frame message,num_strips %d is large\n", new_frame->num_strips); return -EINVAL; } if ((stripe_base + new_frame->num_strips * stripe_size + 1) != new_frame->msg_len) { pr_err("Invalid frame message,len=%d,expected=%d\n", Loading Loading
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c +8 −1 Original line number Diff line number Diff line Loading @@ -2376,7 +2376,7 @@ static int msm_cpp_cfg_frame(struct cpp_device *cpp_dev, struct msm_buf_mngr_info buff_mgr_info, dup_buff_mgr_info; int32_t in_fd; int32_t num_output_bufs = 1; int32_t stripe_base = 0; uint32_t stripe_base = 0; uint32_t stripe_size; uint8_t tnr_enabled; enum msm_camera_buf_mngr_buf_type buf_type = Loading Loading @@ -2411,6 +2411,13 @@ static int msm_cpp_cfg_frame(struct cpp_device *cpp_dev, return -EINVAL; } if (stripe_base == UINT_MAX || new_frame->num_strips > (UINT_MAX - 1 - stripe_base) / stripe_size) { pr_err("Invalid frame message,num_strips %d is large\n", new_frame->num_strips); return -EINVAL; } if ((stripe_base + new_frame->num_strips * stripe_size + 1) != new_frame->msg_len) { pr_err("Invalid frame message,len=%d,expected=%d\n", Loading
