diff options
Diffstat (limited to 'common/fpsensor')
-rw-r--r-- | common/fpsensor/fpsensor.c | 14 | ||||
-rw-r--r-- | common/fpsensor/fpsensor_private.h | 5 |
2 files changed, 15 insertions, 4 deletions
diff --git a/common/fpsensor/fpsensor.c b/common/fpsensor/fpsensor.c index bd36717707..2965b52fe9 100644 --- a/common/fpsensor/fpsensor.c +++ b/common/fpsensor/fpsensor.c @@ -18,6 +18,7 @@ #include "host_command.h" #include "link_defs.h" #include "mkbp_event.h" +#include "overflow.h" #include "spi.h" #include "system.h" #include "task.h" @@ -356,12 +357,17 @@ DECLARE_HOST_COMMAND(EC_CMD_FP_INFO, fp_command_info, BUILD_ASSERT(FP_CONTEXT_NONCE_BYTES == 12); -static int validate_fp_buffer_offset(const uint32_t buffer_size, - const uint32_t offset, const uint32_t size) +int validate_fp_buffer_offset(const uint32_t buffer_size, const uint32_t offset, + const uint32_t size) { - if (size > buffer_size || offset > buffer_size || - size + offset > buffer_size) + uint32_t bytes_requested; + + if (check_add_overflow(size, offset, &bytes_requested)) + return EC_ERROR_OVERFLOW; + + if (bytes_requested > buffer_size) return EC_ERROR_INVAL; + return EC_SUCCESS; } diff --git a/common/fpsensor/fpsensor_private.h b/common/fpsensor/fpsensor_private.h index fb97fb3bfd..a42049dece 100644 --- a/common/fpsensor/fpsensor_private.h +++ b/common/fpsensor/fpsensor_private.h @@ -8,7 +8,12 @@ #ifndef __CROS_EC_FPSENSOR_PRIVATE_H #define __CROS_EC_FPSENSOR_PRIVATE_H +#include <stdint.h> + #define CPRINTF(format, args...) cprintf(CC_FP, format, ## args) #define CPRINTS(format, args...) cprints(CC_FP, format, ## args) +int validate_fp_buffer_offset(uint32_t buffer_size, uint32_t offset, + uint32_t size); + #endif /* __CROS_EC_FPSENSOR_PRIVATE_H */ |