Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity

msm: sensor: actuator: add null pointer check for i2c array 

Issue:
i2c_reg_tbl may be null under error condition when set param.
then, other actuator function still may use the i2c_reg_tbl as null.
Fix:
1) the assignment total_steps follow on kmalloc buffer.
2) Add NULL pointer check for i2c tbl.

CRs-Fixed: 2152401
Change-Id: Ieec3d88e6dae0177787da0906f53d59ac4f5a624
Signed-off-by: Haibin Liu <haibinl@codeaurora.org>
Signed-off-by: VijayaKumar T M <vtmuni@codeaurora.org>
This commit is contained in:
VijayaKumar T M 2018-01-29 10:56:40 +05:30 committed by Gerrit - the friendly Code Review server
parent 6425974887
commit a8b1f40acb
1 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c Executable file → Normal file
View File

@ -56,6 +56,11 @@ static int32_t msm_actuator_piezo_set_default_focus(
struct msm_camera_i2c_reg_setting reg_setting;
CDBG("Enter\n");
if (a_ctrl->i2c_reg_tbl == NULL) {
pr_err("failed. i2c reg tabl is NULL");
return -EFAULT;
}
if (a_ctrl->curr_step_pos != 0) {
a_ctrl->i2c_tbl_index = 0;
a_ctrl->func_tbl->actuator_parse_i2c_params(a_ctrl,
@ -532,6 +537,11 @@ static int32_t msm_actuator_piezo_move_focus(
return -EFAULT;
}
if (a_ctrl->i2c_reg_tbl == NULL) {
pr_err("failed. i2c reg tabl is NULL");
return -EFAULT;
}
if (dest_step_position > a_ctrl->total_steps) {
pr_err("Step pos greater than total steps = %d\n",
dest_step_position);
@ -594,6 +604,10 @@ static int32_t msm_actuator_move_focus(
pr_err("Invalid direction = %d\n", dir);
return -EFAULT;
}
if (a_ctrl->i2c_reg_tbl == NULL) {
pr_err("failed. i2c reg tabl is NULL");
return -EFAULT;
}
if (dest_step_pos > a_ctrl->total_steps) {
pr_err("Step pos greater than total steps = %d\n",
dest_step_pos);
@ -1158,6 +1172,18 @@ static int32_t msm_actuator_set_position(
return -EFAULT;
}
if (!a_ctrl || !a_ctrl->func_tbl ||
!a_ctrl->func_tbl->actuator_parse_i2c_params ||
!a_ctrl->i2c_reg_tbl) {
pr_err("failed. NULL actuator pointers.");
return -EFAULT;
}
if (a_ctrl->actuator_state != ACT_ENABLE_STATE) {
pr_err("failed. Invalid actuator state.");
return -EFAULT;
}
a_ctrl->i2c_tbl_index = 0;
hw_params = set_pos->hw_params;
for (index = 0; index < set_pos->number_of_steps; index++) {
@ -1248,12 +1274,10 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl,
a_ctrl->region_size = set_info->af_tuning_params.region_size;
a_ctrl->pwd_step = set_info->af_tuning_params.pwd_step;
a_ctrl->total_steps = set_info->af_tuning_params.total_steps;
if (copy_from_user(&a_ctrl->region_params,
(void *)set_info->af_tuning_params.region_params,
a_ctrl->region_size * sizeof(struct region_params_t))) {
a_ctrl->total_steps = 0;
pr_err("Error copying region_params\n");
return -EFAULT;
}
@ -1286,6 +1310,7 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl,
(a_ctrl->i2c_reg_tbl != NULL)) {
kfree(a_ctrl->i2c_reg_tbl);
}
a_ctrl->i2c_reg_tbl = NULL;
a_ctrl->i2c_reg_tbl =
kzalloc(sizeof(struct msm_camera_i2c_reg_array) *
@ -1295,6 +1320,8 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl,
return -ENOMEM;
}
a_ctrl->total_steps = set_info->af_tuning_params.total_steps;
if (copy_from_user(&a_ctrl->reg_tbl,
(void *)set_info->actuator_params.reg_tbl_params,
a_ctrl->reg_tbl_size *