[PATCH] Signed-off-by: Changming Liu <charley.ashbringer@gmail.com>

[PATCH] Signed-off-by: Changming Liu <charley.ashbringer@gmail.com>

[Changming Liu]

media: am437x-vpfe: exclude illegal values for enum when validing params from user space

When calling ccdc_data_size_max_bit() to validate data_sz in vpfe_ccdc_validate_param(), it's treated
as an enumeration ranging from 0 to 7 while essentially it's an 32 bit unsigned integer directly from
user space. This can make the return value of ccdc_data_size_max_bit() underflow and bypass the
following check.

To fix this, an additional check is added to the following if clause to keep this enumaration
variable in range. And if its value is not legal, return -EINVAL properly.

Signed-off-by: Changming Liu <charley.ashbringer@gmail.com>
---
 drivers/media/platform/am437x/am437x-vpfe.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/media/platform/am437x/am437x-vpfe.c b/drivers/media/platform/am437x/am437x-vpfe.c
index 0910430..190d1a6 100644
--- a/drivers/media/platform/am437x/am437x-vpfe.c
+++ b/drivers/media/platform/am437x/am437x-vpfe.c
@@ -285,6 +285,7 @@ vpfe_ccdc_validate_param(struct vpfe_ccdc *ccdc,
 	max_data = ccdc_data_size_max_bit(ccdcparam->data_sz);
 
 	if (ccdcparam->alaw.gamma_wd > VPFE_CCDC_GAMMA_BITS_09_0 ||
+	    ccdcparam->data_sz > VPFE_CCDC_DATA_8BITS ||
 	    max_gamma > max_data) {
 		vpfe_dbg(1, vpfe, "Invalid data line select\n");
 		return -EINVAL;
-- 
2.7.4