michaelh/zephyr
1
0
Fork 0
Code Releases Activity

ipm: imx: Fix possible buffer overflow

Browse source 
It is possible to happen a buffer overflow in ipm_send due the lack
of a checking for negative value.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
Flavio Ceolin 2023-09-25 13:10:18 -07:00 committed by Maureen Helm
commit 0a12a05e63
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
drivers/ipm/ipm_imx.c
View file

@ -175,7 +175,7 @@ static int imx_mu_ipm_send(const struct device *dev, int wait, uint32_t id,
return -EINVAL; return -EINVAL;
} }
if (size > CONFIG_IPM_IMX_MAX_DATA_SIZE) { if ((size < 0) || (size > CONFIG_IPM_IMX_MAX_DATA_SIZE)) {
return -EMSGSIZE; return -EMSGSIZE;
} }