storage/flash_map: Fix is_in_flash_area_bounds

Prevent possible overflow in is_in_flash_area_bounds while
validating offset and length of an operation.

Fixes #89349

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This commit is contained in:
Dominik Ermel 2025-04-30 18:07:44 +00:00 committed by Benjamin Cabé
commit 3d4b427245

View file

@ -33,7 +33,7 @@ static inline struct flash_area const *get_flash_area_from_id(int idx)
static inline bool is_in_flash_area_bounds(const struct flash_area *fa,
off_t off, size_t len)
{
return (off >= 0) && ((off + len) <= fa->fa_size);
return (off >= 0) && (off < fa->fa_size) && (len <= (fa->fa_size - off));
}
#endif /* ZEPHYR_SUBSYS_STORAGE_FLASH_MAP_PRIV_H_ */