ipm: imx: Fix possible buffer overflow It is possible to happen a buffer overflow in ipm_send due the lack of a checking for negative value. Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com> (cherry picked from commit 0a12a05e630b270e465cf5d92063b9676ebeb631)

commit: bd7f05ebbc180f23c7fd3f3b4a65f9475551b053 [log] [tgz]
author: Flavio Ceolin <flavio.ceolin@intel.com> Mon Sep 25 13:10:18 2023 -0700
committer: Henrik Brix Andersen <henrik@brixandersen.dk> Tue Nov 07 18:33:47 2023 +0100
tree: 6fde16d1f03172017ef0d21403a755876c206668
parent: a124fd1617d3fa9d2e6d23ac7517ae7e9ab73d71 [diff]
diff --git a/drivers/ipm/ipm_imx.c b/drivers/ipm/ipm_imx.c
index f1205a4..511123b 100644
--- a/drivers/ipm/ipm_imx.c
+++ b/drivers/ipm/ipm_imx.c

@@ -174,7 +174,7 @@
 		return -EINVAL;
 	}
 
-	if (size > CONFIG_IPM_IMX_MAX_DATA_SIZE) {
+	if ((size < 0) || (size > CONFIG_IPM_IMX_MAX_DATA_SIZE)) {
 		return -EMSGSIZE;
 	}
commit	bd7f05ebbc180f23c7fd3f3b4a65f9475551b053	[log] [tgz]
author	Flavio Ceolin <flavio.ceolin@intel.com>	Mon Sep 25 13:10:18 2023 -0700
committer	Henrik Brix Andersen <henrik@brixandersen.dk>	Tue Nov 07 18:33:47 2023 +0100
tree	6fde16d1f03172017ef0d21403a755876c206668
parent	a124fd1617d3fa9d2e6d23ac7517ae7e9ab73d71 [diff]