Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit df512d13 authored by Senthil Kumar Rajagopal's avatar Senthil Kumar Rajagopal Committed by Gerrit - the friendly Code Review server
Browse files

msm: camera: isp: Handle array out of bounds 



The pointer qbuf_buf comes from userspace.
qbuf_buf->num_planes is used with no bound check,
which if set to a large value, it will overflow
buf_info->mapped_info and qbuf_buf->planes

CRs-Fixed: 2003798

Change-Id: I332e0424e57bb14b481a740604a09350e6f029a8
Signed-off-by: default avatarSenthil Kumar Rajagopal <skrajago@codeaurora.org>
parent 9dbf9c2b
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment