From 1cebc8ce23ae92c70ccb3a03a42cb7c84cb2764c Mon Sep 17 00:00:00 2001
From: Paras Sharma <quic_parass@quicinc.com>
Date: Fri, 16 Jun 2023 10:27:03 +0530
Subject: [PATCH] bus: mhi: fix potential out-of-bound access

In the mhi_sat_isvalid_header function if the length is less than
the size of header then there can be out-of-bound access.

So fix the len check in the function.

Change-Id: I80f1556557b1bf2f30c07f6377bd6e3db48712b3
Signed-off-by: Krishna chaitanya chundru <quic_krichai@quicinc.com>
Signed-off-by: Paras Sharma <quic_parass@quicinc.com>
---
 drivers/bus/mhi/devices/mhi_satellite.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/bus/mhi/devices/mhi_satellite.c b/drivers/bus/mhi/devices/mhi_satellite.c
index 24621475a268..2f226093157f 100644
--- a/drivers/bus/mhi/devices/mhi_satellite.c
+++ b/drivers/bus/mhi/devices/mhi_satellite.c
@@ -358,7 +358,7 @@ static struct mhi_sat_device *find_sat_dev_by_id(
 static bool mhi_sat_isvalid_header(struct sat_header *hdr, int len)
 {
 	/* validate payload size */
-	if (len >= sizeof(*hdr) && (len != hdr->payload_size + sizeof(*hdr)))
+	if (len < sizeof(*hdr) || len != hdr->payload_size + sizeof(*hdr))
 		return false;
 
 	/* validate SAT IPC version */