ipm: mcux: Fix possible buffer overflow

It is possible to happen a buffer overflow in ipm_send callback
due a wrong comparison between signed/unsigned types.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
Flavio Ceolin 2023-09-25 13:00:57 -07:00 committed by Maureen Helm
commit 6654d18596

View file

@ -93,7 +93,7 @@ static int mcux_mailbox_ipm_send(const struct device *d, int wait,
return -EINVAL;
}
if (size > MCUX_IPM_DATA_REGS * sizeof(uint32_t)) {
if ((size < 0) || (size > MCUX_IPM_DATA_REGS * sizeof(uint32_t))) {
return -EMSGSIZE;
}