diff options
| -rw-r--r-- | drivers/media/platform/msm/camera_v2/sensor/eeprom/msm_eeprom.c | 22 | ||||
| -rw-r--r-- | include/uapi/media/msm_cam_sensor.h | 2 |
2 files changed, 19 insertions, 5 deletions
diff --git a/drivers/media/platform/msm/camera_v2/sensor/eeprom/msm_eeprom.c b/drivers/media/platform/msm/camera_v2/sensor/eeprom/msm_eeprom.c index 8d7946db838a..dfbdc79a9121 100644 --- a/drivers/media/platform/msm/camera_v2/sensor/eeprom/msm_eeprom.c +++ b/drivers/media/platform/msm/camera_v2/sensor/eeprom/msm_eeprom.c @@ -619,6 +619,7 @@ static int msm_eeprom_config(struct msm_eeprom_ctrl_t *e_ctrl, struct msm_eeprom_cfg_data *cdata = (struct msm_eeprom_cfg_data *)argp; int rc = 0; + size_t length = 0; CDBG("%s E\n", __func__); switch (cdata->cfgtype) { @@ -631,9 +632,15 @@ static int msm_eeprom_config(struct msm_eeprom_ctrl_t *e_ctrl, } CDBG("%s E CFG_EEPROM_GET_INFO\n", __func__); cdata->is_supported = e_ctrl->is_supported; + length = strlen(e_ctrl->eboard_info->eeprom_name) + 1; + if (length > MAX_EEPROM_NAME) { + pr_err("%s:%d invalid eeprom_name length %d\n", + __func__, __LINE__, (int)length); + rc = -EINVAL; + break; + } memcpy(cdata->cfg.eeprom_name, - e_ctrl->eboard_info->eeprom_name, - sizeof(cdata->cfg.eeprom_name)); + e_ctrl->eboard_info->eeprom_name, length); break; case CFG_EEPROM_GET_CAL_DATA: CDBG("%s E CFG_EEPROM_GET_CAL_DATA\n", __func__); @@ -1477,6 +1484,7 @@ static int msm_eeprom_config32(struct msm_eeprom_ctrl_t *e_ctrl, struct msm_eeprom_cfg_data32 *cdata = (struct msm_eeprom_cfg_data32 *)argp; int rc = 0; + size_t length = 0; CDBG("%s E\n", __func__); switch (cdata->cfgtype) { @@ -1489,9 +1497,15 @@ static int msm_eeprom_config32(struct msm_eeprom_ctrl_t *e_ctrl, } CDBG("%s E CFG_EEPROM_GET_INFO\n", __func__); cdata->is_supported = e_ctrl->is_supported; + length = strlen(e_ctrl->eboard_info->eeprom_name) + 1; + if (length > MAX_EEPROM_NAME) { + pr_err("%s:%d invalid eeprom_name length %d\n", + __func__, __LINE__, (int)length); + rc = -EINVAL; + break; + } memcpy(cdata->cfg.eeprom_name, - e_ctrl->eboard_info->eeprom_name, - sizeof(cdata->cfg.eeprom_name)); + e_ctrl->eboard_info->eeprom_name, length); break; case CFG_EEPROM_GET_CAL_DATA: CDBG("%s E CFG_EEPROM_GET_CAL_DATA\n", __func__); diff --git a/include/uapi/media/msm_cam_sensor.h b/include/uapi/media/msm_cam_sensor.h index 172545d34b7d..c6144cd8f355 100644 --- a/include/uapi/media/msm_cam_sensor.h +++ b/include/uapi/media/msm_cam_sensor.h @@ -305,7 +305,7 @@ struct msm_eeprom_cfg_data { enum eeprom_cfg_type_t cfgtype; uint8_t is_supported; union { - char eeprom_name[MAX_SENSOR_NAME]; + char eeprom_name[MAX_EEPROM_NAME]; struct eeprom_get_t get_data; struct eeprom_read_t read_data; struct eeprom_write_t write_data; |