| commit | a4eaba9a7bf94bd846b468e0cfa60b1fabb404d9 | [log] [tgz] |
|---|---|---|
| author | Pierre-Clément Tosi <ptosi@google.com> | Tue Jan 23 21:24:37 2024 +0000 |
| committer | Pierre-Clément Tosi <ptosi@google.com> | Thu Feb 08 18:06:23 2024 +0000 |
| tree | 4f7d497b11351c157d45806f055bc5c7f0fcf76d | |
| parent | 60282aed066c0d26b4dc38f1527114f7501cb859 [diff] |
libfdt: Make Libfdt::string() actually safe Instead of blindly trusting that the C code has returned a properly NULL-terminated C string[*], limit the CStr constructor to whatever bytes are available between the returned pointer and the end of the DT slice, which hardens the function by: - Avoiding UB if CStr::from_ptr wasn't passed a valid C string; - Avoiding OOB in CStr::from_bytes_until_nul by passing a DT sub-slice. Test: m pvmfw Test: atest liblibfdt.integration_test Change-Id: I56daa3360c8556e7e210d2c53fcea1a332268828
Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.
Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.
If you want a quick start, see the getting started guideline and follow the steps there.
For in-depth explanations about individual topics and components, visit the following links.
AVF components:
AVF APIs:
How-Tos: