summaryrefslogtreecommitdiff
path: root/drivers/input/misc/ims-pcu.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/input/misc/ims-pcu.c')
-rw-r--r--drivers/input/misc/ims-pcu.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/input/misc/ims-pcu.c b/drivers/input/misc/ims-pcu.c
index d9ee14b1f451..4581f1c53644 100644
--- a/drivers/input/misc/ims-pcu.c
+++ b/drivers/input/misc/ims-pcu.c
@@ -844,6 +844,12 @@ static int ims_pcu_flash_firmware(struct ims_pcu *pcu,
addr = be32_to_cpu(rec->addr) / 2;
len = be16_to_cpu(rec->len);
+ if (len > sizeof(pcu->cmd_buf) - 1 - sizeof(*fragment)) {
+ dev_err(pcu->dev,
+ "Invalid record length in firmware: %d\n", len);
+ return -EINVAL;
+ }
+
fragment = (void *)&pcu->cmd_buf[1];
put_unaligned_le32(addr, &fragment->addr);
fragment->len = len;
generated by cgit (git 2.34.1) at 2025-06-05 14:27:39 +0000