From 8f5d65a46f43f88049b61cb7377f5341fc392bbd Mon Sep 17 00:00:00 2001
From: Sylwester Nawrocki <s.nawrocki@samsung.com>
Date: Fri, 6 Nov 2015 14:33:22 +0100
Subject: [PATCH] fimc-is: Eliminate some BUG_ON() from
 fimc_is_group_buffer_finish()

This prevents kernel panic caused by wrong sequences in user space.

Change-Id: I1470675c0a2a2bcecb526dbef0f93772c5da9cb4
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
---
 drivers/media/platform/exynos/fimc-is/fimc-is-groupmgr.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/exynos/fimc-is/fimc-is-groupmgr.c b/drivers/media/platform/exynos/fimc-is/fimc-is-groupmgr.c
index 8979ee25dd7a..d5e518209599 100644
--- a/drivers/media/platform/exynos/fimc-is/fimc-is-groupmgr.c
+++ b/drivers/media/platform/exynos/fimc-is/fimc-is-groupmgr.c
@@ -1413,8 +1413,12 @@ int fimc_is_group_buffer_finish(struct fimc_is_groupmgr *groupmgr,
 	BUG_ON(!group);
 	BUG_ON(!group->leader.vctx);
 	BUG_ON(group->instance >= FIMC_IS_MAX_NODES);
-	BUG_ON(group->id >= GROUP_ID_MAX);
-	BUG_ON(index >= FRAMEMGR_MAX_REQUEST);
+
+	if (WARN_ON(group->id >= GROUP_ID_MAX))
+		return -EINVAL;
+
+	if (WARN_ON(index >= FRAMEMGR_MAX_REQUEST))
+		return -EINVAL;
 
 	framemgr = GET_GROUP_FRAMEMGR(group);
 
-- 
2.34.1