evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

msm: mdss: Fix possible integer overflow

Browse source 
Avoid possible integer overflow while validating mdp3 image
parameters.

Change-Id: Ifd972134a23f653cf38134510d98dec5a604d2bc
CRs-Fixed: 1107055
Signed-off-by: Sachin Bhayare <sachin.bhayare@codeaurora.org>
This commit is contained in:
Sachin Bhayare 2017-06-30 11:17:18 +05:30 committed by Gerrit - the friendly Code Review server
parent de207d8feb
commit 4a99ab9b7d
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
drivers/video/fbdev/msm/mdp3_ppp.c
View file

@ -1,4 +1,5 @@
/* Copyright (c) 2007, 2013-2014, 2016, The Linux Foundation. All rights reserved.
* Copyright (c) 2017, The Linux Foundation. All rights reserved.
* Copyright (C) 2007 Google Incorporated
*
* This software is licensed under the terms of the GNU General Public
@ -39,6 +40,7 @@
#define MDP_PPP_MAX_BPP 4
#define MDP_PPP_DYNAMIC_FACTOR 3
#define MDP_PPP_MAX_READ_WRITE 3
#define MDP_PPP_MAX_WIDTH 0xFFF
#define ENABLE_SOLID_FILL 0x2
#define DISABLE_SOLID_FILL 0x0
#define BLEND_LATENCY 3
@ -152,6 +154,11 @@ int mdp3_ppp_get_img(struct mdp_img *img, struct mdp_blit_req *req,
return -EINVAL;
}
if (img->width > MDP_PPP_MAX_WIDTH) {
pr_err("%s incorrect width %d\n", __func__, img->width);
return -EINVAL;
}
fb_data.flags = img->priv;
fb_data.memory_id = img->memory_id;
fb_data.offset = 0;