michaelh/zephyr
1
0
Fork 0
Code Releases Activity

ipm: mcux: Fix possible buffer overflow

Browse source 
It is possible to happen a buffer overflow in ipm_send callback
due a wrong comparison between signed/unsigned types.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
Flavio Ceolin 2023-09-25 13:00:57 -07:00 committed by Maureen Helm
commit 6654d18596
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
drivers/ipm/ipm_mcux.c
View file

@ -93,7 +93,7 @@ static int mcux_mailbox_ipm_send(const struct device *d, int wait,
return -EINVAL;
}
if (size > MCUX_IPM_DATA_REGS * sizeof(uint32_t)) {
if ((size < 0) || (size > MCUX_IPM_DATA_REGS * sizeof(uint32_t))) {
return -EMSGSIZE;
}