diff options
| author | Fabien Parent <fparent@baylibre.com> | 2018-05-05 13:45:07 +0200 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-05-11 02:58:46 -0700 |
| commit | e4b718df7a3fbf320fc867844699e60e908d6c20 (patch) | |
| tree | e14517c21ef1d49b06be232f7a47644052bb6ef4 | |
| parent | 7034d8b711398d5627fab5fe787fc33e24d76c48 (diff) | |
| download | chrome-ec-e4b718df7a3fbf320fc867844699e60e908d6c20.tar.gz | |
charge_manager: fix possible out of bound read access
The port id given by the kernel is never checked and out-of-bound
read accesses can be made on available_charge. Fix it.
Change-Id: I06ed3d28c30db77d8256e9af808484a7cbdc901e
Signed-off-by: Fabien Parent <fparent@baylibre.com>
Reviewed-on: https://chromium-review.googlesource.com/1046592
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
| -rw-r--r-- | common/charge_manager.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/common/charge_manager.c b/common/charge_manager.c index 63a257ab40..2c30ca7bc8 100644 --- a/common/charge_manager.c +++ b/common/charge_manager.c @@ -1079,6 +1079,9 @@ static int hc_pd_power_info(struct host_cmd_handler_args *args) if (port == PD_POWER_CHARGING_PORT) port = charge_port; + if (port >= CHARGE_PORT_COUNT) + return EC_RES_INVALID_PARAM; + charge_manager_fill_power_info(port, r); args->response_size = sizeof(*r); |