Branch: refs/heads/main Home: https://github.com/OpenAMP/open-amp Commit: 9aa3ee53c7f781effa8d4fb17e37dbffb3f17a31 https://github.com/OpenAMP/open-amp/commit/9aa3ee53c7f781effa8d4fb17e37dbffb... Author: Arnaud Pouliquen arnaud.pouliquen@foss.st.com Date: 2024-10-18 (Fri, 18 Oct 2024)

Changed paths: M lib/CMakeLists.txt A lib/include/internal/utilities.h A lib/utils/CMakeLists.txt A lib/utils/utilities.c

Log Message: ----------- lib: utils: implement internal safe_strcpy function

The strlcpy() function has only recently become available in glibc. While this function prevents destination buffer overflow, it seems that it cannot guarantee read access only within the source buffer. this is for instance the case if the source string is not terminated by a'\0' character. Implement a safe_strcpy to ensure that no access is done out of the source and destination buffer ranges.

Signed-off-by: Arnaud Pouliquen arnaud.pouliquen@foss.st.com

Commit: 27bec14883019d0b1a526f7cbd17314360141c0a https://github.com/OpenAMP/open-amp/commit/27bec14883019d0b1a526f7cbd1731436... Author: Arnaud Pouliquen arnaud.pouliquen@foss.st.com Date: 2024-10-18 (Fri, 18 Oct 2024)

Changed paths: M lib/rpmsg/rpmsg.c

Log Message: ----------- lib: rpmsg: replace strncpy with internal safe_strcpy

The strncpy function does not ensure that the destination string is null-terminated. To address this issue, replace strncpy with the internal safe_strcpy() function, which guarantees null-termination of the destination string but also access only in buffer memory ranges.

Note: (void)safe_strcpy(...) indicates that the return value is intentionally ignored.

Signed-off-by: Arnaud Pouliquen arnaud.pouliquen@foss.st.com

Commit: c3132d0d631a4465bfc062b03274a67acf0039ab https://github.com/OpenAMP/open-amp/commit/c3132d0d631a4465bfc062b03274a67ac... Author: Arnaud Pouliquen arnaud.pouliquen@foss.st.com Date: 2024-10-18 (Fri, 18 Oct 2024)

Changed paths: M lib/remoteproc/remoteproc.c

Log Message: ----------- lib: remoteproc: replace strncpy with internal safe_strcpy

The strncpy function does not ensure that the destination string is null-terminated. To address this issue, replace strncpy with the internal safe_strcpy() function, which guarantees null-termination of the destination string but also access only in buffer memory ranges.

Note: (void)safe_strcpy(...) indicates that the return value is intentionally ignored.

Signed-off-by: Arnaud Pouliquen arnaud.pouliquen@foss.st.com

Compare: https://github.com/OpenAMP/open-amp/compare/a69881f13134...c3132d0d631a

To unsubscribe from these emails, change your notification settings at https://github.com/OpenAMP/open-amp/settings/notifications