ipm: imx: Fix possible buffer overflow

It is possible to happen a buffer overflow in ipm_send due the lack
of a checking for negative value.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
Flavio Ceolin 2023-09-25 13:10:18 -07:00 committed by Maureen Helm
commit 0a12a05e63

View file

@ -175,7 +175,7 @@ static int imx_mu_ipm_send(const struct device *dev, int wait, uint32_t id,
return -EINVAL;
}
if (size > CONFIG_IPM_IMX_MAX_DATA_SIZE) {
if ((size < 0) || (size > CONFIG_IPM_IMX_MAX_DATA_SIZE)) {
return -EMSGSIZE;
}