From 7967865bb4c4bf1d9fab0369e872e880e8e76aba Mon Sep 17 00:00:00 2001 From: E V Ravi Date: Mon, 17 Jun 2019 15:04:53 +0530 Subject: [PATCH] msm: ais: sensor: actuator: fix out of bound read for bivcm region params Issue: The region index for bivcm is not validated against the region size. This cause out-of-bound read on the KASAN kernel. Fix: Add restriction that region index smaller than region size. CRs-Fixed: 2379514 Change-Id: Iff77993000fc89513be90d9de174728fed3b50a7 Signed-off-by: E V Ravi --- drivers/media/platform/msm/ais/sensor/actuator/msm_actuator.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/media/platform/msm/ais/sensor/actuator/msm_actuator.c b/drivers/media/platform/msm/ais/sensor/actuator/msm_actuator.c index 4a23fe0e9c7e..9b67fb55a886 100644 --- a/drivers/media/platform/msm/ais/sensor/actuator/msm_actuator.c +++ b/drivers/media/platform/msm/ais/sensor/actuator/msm_actuator.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2018, The Linux Foundation. All rights reserved. +/* Copyright (c) 2011-2019, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -768,6 +768,8 @@ static int32_t msm_actuator_bivcm_move_focus( a_ctrl->curr_step_pos, dest_step_pos, curr_lens_pos); while (a_ctrl->curr_step_pos != dest_step_pos) { + if (a_ctrl->curr_region_index >= a_ctrl->region_size) + break; step_boundary = a_ctrl->region_params[a_ctrl->curr_region_index]. step_bound[dir];