From 0a12a05e630b270e465cf5d92063b9676ebeb631 Mon Sep 17 00:00:00 2001
From: Flavio Ceolin <flavio.ceolin@intel.com>
Date: Mon, 25 Sep 2023 13:10:18 -0700
Subject: [PATCH] ipm: imx: Fix possible buffer overflow

It is possible to happen a buffer overflow in ipm_send due the lack
of a checking for negative value.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
---
 drivers/ipm/ipm_imx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/ipm/ipm_imx.c b/drivers/ipm/ipm_imx.c
index 65e525f815a..da8a450982b 100644
--- a/drivers/ipm/ipm_imx.c
+++ b/drivers/ipm/ipm_imx.c
@@ -175,7 +175,7 @@ static int imx_mu_ipm_send(const struct device *dev, int wait, uint32_t id,
 		return -EINVAL;
 	}
 
-	if (size > CONFIG_IPM_IMX_MAX_DATA_SIZE) {
+	if ((size < 0) || (size > CONFIG_IPM_IMX_MAX_DATA_SIZE)) {
 		return -EMSGSIZE;
 	}