From: Simon Glass <sjg@chromium.org>
Date: Sat, 16 Jan 2021 21:52:24 +0000 (-0700)
Subject: cros_ec: Add run-time check for input buffer overflow
X-Git-Tag: v2025.01-rc5-pxa1908~2034^2~23
X-Git-Url: http://git.dujemihanovic.xyz/img/static//%22brlog.php?a=commitdiff_plain;h=698e30f7a862ae6eb4754ef0d42b8dc8cf416edd;p=u-boot.git

cros_ec: Add run-time check for input buffer overflow

This should not happen in normal operation, but the EC might have a bug,
so add a run-time check just in case.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

diff --git a/drivers/misc/cros_ec.c b/drivers/misc/cros_ec.c
index ce5fa5bee3..e51ac87409 100644
--- a/drivers/misc/cros_ec.c
+++ b/drivers/misc/cros_ec.c
@@ -404,6 +404,8 @@ static int ec_command(struct udevice *dev, uint cmd, int cmd_version,
 		 */
 		if (din && in_buffer) {
 			assert(len <= din_len);
+			if (len > din_len)
+				return -ENOSPC;
 			memmove(din, in_buffer, len);
 		}
 	}