msm: mdss: Fix possible memory overwrite in pgc config
Possible memory overwrite in pgc get config is fixed by eliminating direct reference to user data. Change-Id: I7117848bacb8e69720eb3121d02bbacf02cab13a Signed-off-by: Sravan Kumar D.V.N <sravank1@codeaurora.org>
This commit is contained in:
parent
bb760cae59
commit
99a3334a22
1 changed files with 9 additions and 5 deletions
|
@ -1964,20 +1964,24 @@ static int pp_pgc_get_config(char __iomem *base_addr, void *cfg_data,
|
|||
u32 *c0_data = NULL, *c1_data = NULL, *c2_data = NULL;
|
||||
u32 val = 0, i = 0, sz = 0;
|
||||
struct mdp_pgc_lut_data *pgc_data = NULL;
|
||||
struct mdp_pgc_lut_data_v1_7 *pgc_data_v17 = NULL;
|
||||
struct mdp_pgc_lut_data_v1_7 pgc_lut_data_v17;
|
||||
struct mdp_pgc_lut_data_v1_7 *pgc_data_v17 = &pgc_lut_data_v17;
|
||||
if (!base_addr || !cfg_data) {
|
||||
pr_err("invalid params base_addr %pK cfg_data %pK block_type %d\n",
|
||||
base_addr, cfg_data, block_type);
|
||||
return -EINVAL;
|
||||
}
|
||||
pgc_data = (struct mdp_pgc_lut_data *) cfg_data;
|
||||
pgc_data_v17 = (struct mdp_pgc_lut_data_v1_7 *)
|
||||
pgc_data->cfg_payload;
|
||||
if (pgc_data->version != mdp_pgc_v1_7 || !pgc_data_v17) {
|
||||
if (pgc_data->version != mdp_pgc_v1_7 || !pgc_data->cfg_payload) {
|
||||
pr_err("invalid pgc version %d payload %pK\n",
|
||||
pgc_data->version, pgc_data_v17);
|
||||
pgc_data->version, pgc_data->cfg_payload);
|
||||
return -EINVAL;
|
||||
}
|
||||
if (copy_from_user(pgc_data_v17, (void __user *) pgc_data->cfg_payload,
|
||||
sizeof(*pgc_data_v17))) {
|
||||
pr_err("copy from user failed for pgc lut data\n");
|
||||
return -EFAULT;
|
||||
}
|
||||
if (!(pgc_data->flags & MDP_PP_OPS_READ)) {
|
||||
pr_info("read ops is not set %d", pgc_data->flags);
|
||||
return -EINVAL;
|
||||
|
|
Loading…
Add table
Reference in a new issue