ipm: cavs: Fix possible buffer overflow
A buffer overflow happens in send() when size is negative because it is promoted to signed when used in memcpy. Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
parent
98857c267d
commit
eeea26d206
1 changed files with 1 additions and 1 deletions
|
@ -56,7 +56,7 @@ static int send(const struct device *dev, int wait, uint32_t id,
|
|||
return -EBUSY;
|
||||
}
|
||||
|
||||
if (size > MAX_MSG) {
|
||||
if ((size < 0) || (size > MAX_MSG)) {
|
||||
return -EMSGSIZE;
|
||||
}
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue