Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dc975b16 authored by Sureshnaidu Laveti's avatar Sureshnaidu Laveti Committed by Gerrit - the friendly Code Review server
Browse files

msm: sensor: Validationg function pointers before using them 



Since IOCTLS can come in any order, validating the actuator
function table and methods before accessing them.

CRs-Fixed: 1084177
Change-Id: Ic6fce52fdf4d1420c2b707ec9bc9cba045066a13
Signed-off-by: default avatarSureshnaidu Laveti <lsuresh@codeaurora.org>
parent 1446cd5f

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c

+14 −8
Original line number Original line Diff line number Diff line
@@ -1396,7 +1396,7 @@ static int32_t msm_actuator_config(struct msm_actuator_ctrl_t *a_ctrl, 
{

{

	struct msm_actuator_cfg_data *cdata =

	struct msm_actuator_cfg_data *cdata =

		(struct msm_actuator_cfg_data *)argp;

		(struct msm_actuator_cfg_data *)argp;

	int32_t rc = 0;

	int32_t rc = -EINVAL;

	mutex_lock(a_ctrl->actuator_mutex);

	mutex_lock(a_ctrl->actuator_mutex);

	CDBG("Enter\n");

	CDBG("Enter\n");

	CDBG("%s type %d\n", __func__, cdata->cfgtype);

	CDBG("%s type %d\n", __func__, cdata->cfgtype);
@@ -1406,7 +1406,7 @@ static int32_t msm_actuator_config(struct msm_actuator_ctrl_t *a_ctrl, 
		a_ctrl->actuator_state == ACT_DISABLE_STATE) {

		a_ctrl->actuator_state == ACT_DISABLE_STATE) {

		pr_err("actuator disabled %d\n", rc);

		pr_err("actuator disabled %d\n", rc);

		mutex_unlock(a_ctrl->actuator_mutex);

		mutex_unlock(a_ctrl->actuator_mutex);

		return -EINVAL;

		return rc;

	}

	}





	switch (cdata->cfgtype) {

	switch (cdata->cfgtype) {
@@ -1427,13 +1427,17 @@ static int32_t msm_actuator_config(struct msm_actuator_ctrl_t *a_ctrl, 
		break;

		break;





	case CFG_SET_DEFAULT_FOCUS:

	case CFG_SET_DEFAULT_FOCUS:

		rc = a_ctrl->func_tbl->actuator_set_default_focus(a_ctrl,

		if (a_ctrl->func_tbl &&

			&cdata->cfg.move);

			a_ctrl->func_tbl->actuator_set_default_focus)

			rc = a_ctrl->func_tbl->actuator_set_default_focus(

				a_ctrl, &cdata->cfg.move);

		if (rc < 0)

		if (rc < 0)

			pr_err("move focus failed %d\n", rc);

			pr_err("move focus failed %d\n", rc);

		break;

		break;





	case CFG_MOVE_FOCUS:

	case CFG_MOVE_FOCUS:

		if (a_ctrl->func_tbl &&

			a_ctrl->func_tbl->actuator_move_focus)

			rc = a_ctrl->func_tbl->actuator_move_focus(a_ctrl,

			rc = a_ctrl->func_tbl->actuator_move_focus(a_ctrl,

				&cdata->cfg.move);

				&cdata->cfg.move);

		if (rc < 0)

		if (rc < 0)
@@ -1446,6 +1450,8 @@ static int32_t msm_actuator_config(struct msm_actuator_ctrl_t *a_ctrl, 
		break;

		break;





	case CFG_SET_POSITION:

	case CFG_SET_POSITION:

		if (a_ctrl->func_tbl &&

			a_ctrl->func_tbl->actuator_set_position)

			rc = a_ctrl->func_tbl->actuator_set_position(a_ctrl,

			rc = a_ctrl->func_tbl->actuator_set_position(a_ctrl,

				&cdata->cfg.setpos);

				&cdata->cfg.setpos);

		if (rc < 0)

		if (rc < 0)