Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity

Merge "msm: camera: Restructure data handling to be more robust"

This commit is contained in:
Linux Build Service Account 2016-09-15 07:41:58 -07:00 committed by Gerrit - the friendly Code Review server
parent 3347316df9 36dea6e3f4
commit 1a0c120d47
2 changed files with 43 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c
View File

@ -71,6 +71,12 @@ int32_t msm_camera_cci_i2c_read_seq(struct msm_camera_i2c_client *client,
|| num_byte == 0)
return rc;
if (num_byte > I2C_REG_DATA_MAX) {
pr_err("%s: Error num_byte:0x%x exceeds 8K max supported:0x%x\n",
__func__, num_byte, I2C_REG_DATA_MAX);
return rc;
}
buf = kzalloc(num_byte, GFP_KERNEL);
if (!buf) {
pr_err("%s:%d no memory\n", __func__, __LINE__);

39
drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_qup_i2c.c
View File

@ -102,7 +102,7 @@ int32_t msm_camera_qup_i2c_read(struct msm_camera_i2c_client *client,
enum msm_camera_i2c_data_type data_type)
{
int32_t rc = -EFAULT;
unsigned char buf[client->addr_type+data_type];
unsigned char *buf = NULL;
if ((client->addr_type != MSM_CAMERA_I2C_BYTE_ADDR
&& client->addr_type != MSM_CAMERA_I2C_WORD_ADDR)
@ -110,6 +110,17 @@ int32_t msm_camera_qup_i2c_read(struct msm_camera_i2c_client *client,
&& data_type != MSM_CAMERA_I2C_WORD_DATA))
return rc;
if (client->addr_type > UINT_MAX - data_type) {
pr_err("%s: integer overflow prevented\n", __func__);
return rc;
}
buf = kzalloc(client->addr_type+data_type, GFP_KERNEL);
if (!buf) {
pr_err("%s:%d no memory\n", __func__, __LINE__);
return -ENOMEM;
}
if (client->addr_type == MSM_CAMERA_I2C_BYTE_ADDR) {
buf[0] = addr;
} else if (client->addr_type == MSM_CAMERA_I2C_WORD_ADDR) {
@ -119,6 +130,8 @@ int32_t msm_camera_qup_i2c_read(struct msm_camera_i2c_client *client,
rc = msm_camera_qup_i2c_rxdata(client, buf, data_type);
if (rc < 0) {
S_I2C_DBG("%s fail\n", __func__);
kfree(buf);
buf = NULL;
return rc;
}
@ -128,6 +141,8 @@ int32_t msm_camera_qup_i2c_read(struct msm_camera_i2c_client *client,
*data = buf[0] << 8 | buf[1];
S_I2C_DBG("%s addr = 0x%x data: 0x%x\n", __func__, addr, *data);
kfree(buf);
buf = NULL;
return rc;
}
@ -135,7 +150,7 @@ int32_t msm_camera_qup_i2c_read_seq(struct msm_camera_i2c_client *client,
uint32_t addr, uint8_t *data, uint32_t num_byte)
{
int32_t rc = -EFAULT;
unsigned char buf[client->addr_type+num_byte];
unsigned char *buf = NULL;
int i;
if ((client->addr_type != MSM_CAMERA_I2C_BYTE_ADDR
@ -143,6 +158,22 @@ int32_t msm_camera_qup_i2c_read_seq(struct msm_camera_i2c_client *client,
|| num_byte == 0)
return rc;
if (num_byte > I2C_REG_DATA_MAX) {
pr_err("%s: Error num_byte:0x%x exceeds 8K max supported:0x%x\n",
__func__, num_byte, I2C_REG_DATA_MAX);
return rc;
}
if (client->addr_type > UINT_MAX - num_byte) {
pr_err("%s: integer overflow prevented\n", __func__);
return rc;
}
buf = kzalloc(client->addr_type+num_byte, GFP_KERNEL);
if (!buf) {
pr_err("%s:%d no memory\n", __func__, __LINE__);
return -ENOMEM;
}
if (client->addr_type == MSM_CAMERA_I2C_BYTE_ADDR) {
buf[0] = addr;
} else if (client->addr_type == MSM_CAMERA_I2C_WORD_ADDR) {
@ -152,6 +183,8 @@ int32_t msm_camera_qup_i2c_read_seq(struct msm_camera_i2c_client *client,
rc = msm_camera_qup_i2c_rxdata(client, buf, num_byte);
if (rc < 0) {
S_I2C_DBG("%s fail\n", __func__);
kfree(buf);
buf = NULL;
return rc;
}
@ -161,6 +194,8 @@ int32_t msm_camera_qup_i2c_read_seq(struct msm_camera_i2c_client *client,
S_I2C_DBG("Byte %d: 0x%x\n", i, buf[i]);
S_I2C_DBG("Data: 0x%x\n", data[i]);
}
kfree(buf);
buf = NULL;
return rc;
}