From 1656e2e44ddae9abd52419113d9ab5eb5a10cbc3 Mon Sep 17 00:00:00 2001 From: Haibin Liu Date: Tue, 30 Apr 2019 14:16:47 +0800 Subject: [PATCH] msm: sensor: actuator: fix out of bound read for bivcm region params The region index for bivcm is not validated against the region size. This causes out-of-bound read on the KASAN kernel. Add restriction that region index smaller than region size. CRs-Fixed: 2379514 Change-Id: I72c4a41a4b41c8fa70c174ffd3215a81eaa14355 Signed-off-by: Haibin Liu --- .../platform/msm/camera_v2/sensor/actuator/msm_actuator.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c b/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c index 6d60aabae6a5..c80f8159220d 100644 --- a/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c +++ b/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2018, The Linux Foundation. All rights reserved. +/* Copyright (c) 2011-2019, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -768,6 +768,9 @@ static int32_t msm_actuator_bivcm_move_focus( a_ctrl->curr_step_pos, dest_step_pos, curr_lens_pos); while (a_ctrl->curr_step_pos != dest_step_pos) { + if (a_ctrl->curr_region_index >= a_ctrl->region_size) + break; + step_boundary = a_ctrl->region_params[a_ctrl->curr_region_index]. step_bound[dir];