ipm: cavs: Fix possible buffer overflow

A buffer overflow happens in send() when size is negative because
it is promoted to signed when used in memcpy.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
Flavio Ceolin 2023-09-26 10:39:00 -07:00 committed by Maureen Helm
commit eeea26d206

View file

@ -56,7 +56,7 @@ static int send(const struct device *dev, int wait, uint32_t id,
return -EBUSY;
}
if (size > MAX_MSG) {
if ((size < 0) || (size > MAX_MSG)) {
return -EMSGSIZE;
}