rpmsg: bgcom: out of bound read from process_cmd
When dereferencing "rx_data" as type "glink_bgcom_msg" ,
we didn't check if "rx_data" has enough room to hold that type.
The "rx_size" is read from remote to master fifo and if received
rx_size is less then "glink_bgcom_msg" then it could lead to
heap out of bounds read.
If received rx_size is less then the expected glink_bgcom_msg
then return back as a bad message.
Change-Id: Idde757ee70c7c88c22e4f036e6da0280e3b385d0
Signed-off-by:
Kaushal Hooda <quic_khooda@quicinc.com>
Loading
Please register or sign in to comment