Re: [PATCH] platform/chrome: cros_ec_typec: reject out-of-bounds PD cap count
From: Andrei Kuchynski
Date: Thu Jun 25 2026 - 07:44:10 EST
On Thu, Jun 25, 2026 at 7:17 AM Maoyi Xie <maoyixie.tju@xxxxxxxxx> wrote:
>
> Hi Andrei,
>
> > Are we only rejecting `out-of-bounds PD cap count` here?
>
> Yes, just the PD cap count for now. That is the only one that feeds a
> write, the memcpy into the stack array caps_desc.pdo[PDO_MAX_OBJECTS].
If the goal is to protect the stack, why not add this check to the
cros_typec_register_partner_pdos() function?
Furthermore, as the name of this function suggests, it should handle all
PDO-related data.
At the moment, you are suggesting to ignore all ec_response_typec_status
values (not just PDO counts) without clearing any events.
Thanks,
Andrei