CHROMIUM: camx: fix data_offset buffer overrun

Validate |data_offset| fields of vb2_buffers in the camx driver.
Currently we blindly add |data_offset| to the DMA address, which could
potentially allow userspace to write to arbitrary memory addresses.

TEST=Kernel builds and runs on strongbad. Test command
Signed-off-by: Justin Green <>

Change-Id: Ibecb9c6e0dd8ac029555244ac256c4213f203cbc
Reviewed-by: Atanas Filipov <>
Commit-Queue: Justin Green <>
Tested-by: Justin Green <>
Reviewed-by: Ricardo Ribalda <>
1 file changed