| Message ID | 20241101133917.27634-6-Jonathan.Cameron@huawei.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | hw/cxl: Mailbox input parser hardening against invalid input. | expand |
diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c index 27fadc4fa8..2aa7ffed84 100644 --- a/hw/cxl/cxl-mailbox-utils.c +++ b/hw/cxl/cxl-mailbox-utils.c @@ -947,7 +947,7 @@ static CXLRetCode cmd_logs_get_log(const struct cxl_cmd *cmd, * the only possible failure would be if the mailbox itself isn't big * enough. */ - if (get_log->offset + get_log->length > cci->payload_max) { + if (get_log->length > cci->payload_max) { return CXL_MBOX_INVALID_INPUT; }
Checking offset + length is of no relevance when verifying the CEL data will fit in the mailbox payload. Only the length is is relevant. Note that this removes a potential overflow. Reported-by: Esifiel <esifiel@gmail.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> --- hw/cxl/cxl-mailbox-utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)