Prevent out-of-range register accesses.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
                printk(KERN_ERR "Unable to ioremap cafe-ccic regs\n");
                goto out_disable;
        }
+       mcam->regs_size = pci_resource_len(pdev, 0);
        ret = request_irq(pdev->irq, cafe_irq, IRQF_SHARED, "cafe-ccic", cam);
        if (ret)
                goto out_iounmap;
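Review bot: The added `mcam->regs_size = pci_resource_len(pdev, 0);` stores a `resource_size_t` in an `unsigned` field, and it records the length of BAR 0 rather than the length that was actually mapped. The ioremap call is above the hunk, so it cannot be confirmed from here that the mapping covers the whole BAR; if it maps less, the new bounds checks in the register accessors would accept offsets past the end of the mapping. A comment on this line such as `/* must equal the length mapped into mcam->regs above */` would pin the invariant. The same narrowing applies to `mcam->regs_size = resource_size(res);` in the platform-driver hunk. The enclosing probe function starts and ends outside the hunk.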
 
 {
        struct mcam_camera *cam = priv;
 
+       if (reg->reg > cam->regs_size - 4)
+               return -EINVAL;
        reg->val = mcam_reg_read(cam, reg->reg);
        reg->size = 4;
        return 0;
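Review bot: The bound in `if (reg->reg > cam->regs_size - 4)` is computed in unsigned arithmetic, so a `regs_size` below 4 (including a never-initialised 0) wraps to a very large limit and the check rejects nothing. It also accepts offsets that are not a multiple of 4, which then go to what is presumably a 32-bit MMIO access, given `reg->size = 4`. Since `reg->reg` appears to come straight from the caller of the register-debug interface, consider `if (cam->regs_size < 4 || (reg->reg & 3) || reg->reg > cam->regs_size - 4) return -EINVAL;`. The identical check added before `mcam_reg_write()` in the next hunk needs the same change, and there the consequence is a stray register write rather than a read. Both function signatures are outside the hunks.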
 {
        struct mcam_camera *cam = priv;
 
+       if (reg->reg > cam->regs_size - 4)
+               return -EINVAL;
        mcam_reg_write(cam, reg->reg, reg->val);
        return 0;
 }
 
         */
        struct i2c_adapter *i2c_adapter;
        unsigned char __iomem *regs;
+       unsigned regs_size; /* size in bytes of the register space */
        spinlock_t dev_lock;
        struct device *dev; /* For messages, dma alloc */
        enum mcam_chip_id chip_id;
 
                ret = -ENODEV;
                goto out_free;
        }
+       mcam->regs_size = resource_size(res);
        /*
         * Power/clock memory is elsewhere; get it too.  Perhaps this
         * should really be managed outside of this driver?