Merge "msm: ais: Security fixes for ispif and cpp"

			pack_mask[0] |= temp;

		CDBG("%s:num %d cid %d mode %d pack_mask %x %x\n",

			__func__, entry->num_cids, entry->cids[i],

			pack_cfg[i].pack_mode,

			pack_cfg[entry->cids[i]].pack_mode,

			pack_mask[0], pack_mask[1]);

	}

		return rc;

	}

	for (i = 0; i < params->num; i++) {

		int j;

		if (params->entries[i].num_cids > MAX_CID_CH_v2)

			return -EINVAL;

		for (j = 0; j < params->entries[i].num_cids; j++)

			if (params->entries[i].cids[j] >= CID_MAX)

				return -EINVAL;

	}

	for (i = 0; i < params->num; i++) {

		intftype = params->entries[i].intftype;

		vfe_intf = params->entries[i].vfe_intf;

		return -EINVAL;

	}

	if (stripe_base == UINT_MAX || new_frame->num_strips >

		(UINT_MAX - 1 - stripe_base) / stripe_size) {

	/* Stripe index starts at zero */

	if ((!new_frame->num_strips) ||

		(new_frame->first_stripe_index >= new_frame->num_strips) ||

		(new_frame->last_stripe_index  >= new_frame->num_strips) ||

		(new_frame->first_stripe_index >

			new_frame->last_stripe_index)) {

		pr_err("Invalid frame message, #stripes=%d, stripe indices=[%d,%d]\n",

			new_frame->num_strips,

			new_frame->first_stripe_index,

			new_frame->last_stripe_index);

		return -EINVAL;

	}

	if (!stripe_size) {

		pr_err("Invalid frame message, invalid stripe_size (%d)!\n",

			stripe_size);

		return -EINVAL;

	}

	if ((stripe_base == UINT_MAX) ||

		(new_frame->num_strips >

			(UINT_MAX - 1 - stripe_base) / stripe_size)) {

		pr_err("Invalid frame message, num_strips %d is large\n",

			new_frame->num_strips);

		return -EINVAL;

	struct msm_cpp_frame_info_t *frame = NULL;

	struct msm_cpp_frame_info_t k_frame_info;

	int32_t rc = 0;

	int32_t i = 0;

	int32_t num_buff = sizeof(k_frame_info.output_buffer_info)/

	uint32_t i = 0;

	uint32_t num_buff = sizeof(k_frame_info.output_buffer_info) /

				sizeof(struct msm_cpp_buffer_info_t);

	if (copy_from_user(&k_frame_info,

			(void __user *)ioctl_ptr->ioctl_ptr,

			sizeof(k_frame_info)))