fix(intel): update memcpy to memcpy_s memcpy does not check the dst_size which may create vulnerable issue as it can overflow the buffer. Using memcpy_s which check the dst_size will help to reduce the risk. Also, this memcpy is always 4 bytes each time. Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com> Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com> Change-Id: I413e6ae2ee9330501703c4cd63b7943c6f55b4c7

commit: e264b5573952c72805a14e69e438168c00163e9a [log] [tgz]
author: Sieu Mun Tang <sieu.mun.tang@intel.com> Mon Aug 26 07:59:10 2024 +0800
committer: Sieu Mun Tang <sieu.mun.tang@intel.com> Mon Aug 26 07:59:10 2024 +0800
tree: 5c0b1749668287f86768218f62b28ed7238c1cda
parent: 8fb91783ffa96343dd8ebad9773d7c2055ea4496 [diff] [blame]
diff --git a/plat/intel/soc/common/socfpga_vab.c b/plat/intel/soc/common/socfpga_vab.c
index d1734c8..969abb3 100644
--- a/plat/intel/soc/common/socfpga_vab.c
+++ b/plat/intel/soc/common/socfpga_vab.c

@@ -113,7 +113,8 @@
 
 	VERBOSE("mbox_data_addr = %lx    mbox_data_sz = %d\n", mbox_data_addr, mbox_data_sz);
 
-	memcpy(mbox_relocate_data_addr, (uint8_t *)mbox_data_addr, mbox_data_sz * sizeof(uint32_t));
+	memcpy_s(mbox_relocate_data_addr, mbox_data_sz * sizeof(uint32_t),
+		(uint8_t *)mbox_data_addr, mbox_data_sz * sizeof(uint32_t));
 
 	*((unsigned int *)mbox_relocate_data_addr) = CCERT_CMD_TEST_PGM_MASK;
commit	e264b5573952c72805a14e69e438168c00163e9a	[log] [tgz]
author	Sieu Mun Tang <sieu.mun.tang@intel.com>	Mon Aug 26 07:59:10 2024 +0800
committer	Sieu Mun Tang <sieu.mun.tang@intel.com>	Mon Aug 26 07:59:10 2024 +0800
tree	5c0b1749668287f86768218f62b28ed7238c1cda
parent	8fb91783ffa96343dd8ebad9773d7c2055ea4496 [diff] [blame]