From e4b718df7a3fbf320fc867844699e60e908d6c20 Mon Sep 17 00:00:00 2001
From: Fabien Parent
Date: Sat, 5 May 2018 13:45:07 +0200
Subject: [PATCH] charge_manager: fix possible out of bound read access

The port id given by the kernel is never checked and out-of-bound read accesses can be made on available_charge. Fix it.

Change-Id: I06ed3d28c30db77d8256e9af808484a7cbdc901e
Signed-off-by: Fabien Parent
Reviewed-on: https://chromium-review.googlesource.com/1046592
Reviewed-by: Daisuke Nojiri
---
 common/charge_manager.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/common/charge_manager.c b/common/charge_manager.c
index 63a257ab40..2c30ca7bc8 100644
--- a/common/charge_manager.c
+++ b/common/charge_manager.c
@@ -1079,6 +1079,9 @@ static int hc_pd_power_info(struct host_cmd_handler_args *args)
 if (port == PD_POWER_CHARGING_PORT)
 port = charge_port;
+ if (port >= CHARGE_PORT_COUNT)
+ return EC_RES_INVALID_PARAM;
+
 charge_manager_fill_power_info(port, r);
 args->response_size = sizeof(*r);
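Review bot: The added guard `if (port >= CHARGE_PORT_COUNT)` bounds the index only from above, and it runs after `port = charge_port;`, so a negative value would still reach `charge_manager_fill_power_info(port, r)`. The declarations of `port` and `charge_port` are outside the hunk, so this is inferred: if both are signed and `charge_port` can hold a negative "no active port" sentinel, a host request for `PD_POWER_CHARGING_PORT` while nothing is charging would index before the start of the array. Consider `if (port < 0 || port >= CHARGE_PORT_COUNT)` with the same `return EC_RES_INVALID_PARAM;`, plus a one-line comment that the range check deliberately comes after the charging-port substitution. The body of `hc_pd_power_info` starts and ends outside the hunk.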