MLK-12670 mxc IPUv3: common: Fix overrun array ->sec_chan_en and ->thrd_chan_en

We've got more than 24 channels defined in ipu_channel_t, which causes
potential overrun on array ipu->sec_chan_en and ipu->thrd_chan_en.
This patch enlarges the array size to IPU_MAX_CH(32) to fix this issue.

This issue is reported by Coverity:
Out-of-bounds read (OVERRUN)
overrun-local: Overrunning array ipu->sec_chan_en of 24 bytes at byte offset
		25 using index channel >> 24 (which evaluates to 25).
        if ((ipu->sec_chan_en[IPU_CHAN_ID(channel)]) &&
                ((channel == MEM_PP_MEM) || (channel == MEM_PRP_VF_MEM) ||
                 (channel == MEM_VDI_PRP_VF_MEM))) {

Out-of-bounds read (OVERRUN)
overrun-local: Overrunning array ipu->thrd_chan_en of 24 bytes at byte offset
		25 using index channel >> 24 (which evaluates to 25).
        if ((ipu->thrd_chan_en[IPU_CHAN_ID(channel)]) &&
                ((channel == MEM_PP_MEM) || (channel == MEM_PRP_VF_MEM))) {
                thrd_dma = channel_2_dma(channel, IPU_ALPHA_IN_BUFFER);

Signed-off-by: Liu Ying <victor.liu@nxp.com>

diff --git a/drivers/mxc/ipu3/ipu_prv.h b/drivers/mxc/ipu3/ipu_prv.h
index 025a7bd..0a21d92 100644 (file)
--- a/drivers/mxc/ipu3/ipu_prv.h
+++ b/drivers/mxc/ipu3/ipu_prv.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2015 Freescale Semiconductor, Inc. All Rights Reserved.
+ * Copyright 2005-2016 Freescale Semiconductor, Inc. All Rights Reserved.
  */
 
 /*
@@ -17,6 +17,7 @@
 #include <linux/device.h>
 #include <linux/fsl_devices.h>
 #include <linux/interrupt.h>
+#include <linux/ipu-v3.h>
 #include <linux/types.h>
 
 #define MXC_IPU_MAX_NUM                2
@@ -93,8 +94,8 @@ struct ipu_soc {
        ipu_channel_t csi_channel[2];
        ipu_channel_t using_ic_dirct_ch;
        unsigned char dc_di_assignment[10];
-       bool sec_chan_en[24];
-       bool thrd_chan_en[24];
+       bool sec_chan_en[IPU_MAX_CH];
+       bool thrd_chan_en[IPU_MAX_CH];
        bool chan_is_interlaced[52];
        uint32_t channel_init_mask;
        uint32_t channel_enable_mask;