From 698e30f7a862ae6eb4754ef0d42b8dc8cf416edd Mon Sep 17 00:00:00 2001
From: Simon Glass <sjg@chromium.org>
Date: Sat, 16 Jan 2021 14:52:24 -0700
Subject: [PATCH] cros_ec: Add run-time check for input buffer overflow

This should not happen in normal operation, but the EC might have a bug,
so add a run-time check just in case.

Signed-off-by: Simon Glass <sjg@chromium.org>
---
 drivers/misc/cros_ec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/misc/cros_ec.c b/drivers/misc/cros_ec.c
index ce5fa5bee3..e51ac87409 100644
--- a/drivers/misc/cros_ec.c
+++ b/drivers/misc/cros_ec.c
@@ -404,6 +404,8 @@ static int ec_command(struct udevice *dev, uint cmd, int cmd_version,
 		 */
 		if (din && in_buffer) {
 			assert(len <= din_len);
+			if (len > din_len)
+				return -ENOSPC;
 			memmove(din, in_buffer, len);
 		}
 	}
-- 
2.39.5