--- /dev/null
+Upstream-Status: Backport 3.4.0
+
+Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
+---
+From 0953bf0abb08fb98d24b7966001171a707fbb9b9 Mon Sep 17 00:00:00 2001
+From: Etienne Carriere <etienne.carriere@linaro.org>
+Date: Fri, 21 Dec 2018 15:36:25 +0100
+Subject: [PATCH] regression 4011: correct potential overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix issues reported by GCC 8.2.0.
+
+build/optee_test/host/xtest/regression_4000.c: In function ‘xtest_tee_test_4011’:
+build/optee_test/host/xtest/regression_4000.c:5029:3: error: ‘memmove’ pointer overflow between offset [0, 8] and size [4294967295, 2147483647] accessing array ‘tmp’ with type ‘uint8_t[1024]’ {aka ‘unsigned char[1024]’} [-Werror=array-bounds]
+ memmove(tmp + n + i, tmp + m, tmp_size - m);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+build/optee_test/host/xtest/regression_4000.c:4927:10: note: array ‘tmp’ declared here
+ uint8_t tmp[1024];
+ ^~~
+build/optee_test/host/xtest/regression_4000.c:5029:3: error: ‘memmove’ specified size 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=]
+ memmove(tmp + n + i, tmp + m, tmp_size - m);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+
+Reported-by: Simon Hughes <simon.hughes@arm.com>
+Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/regression_4000.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/host/xtest/regression_4000.c b/host/xtest/regression_4000.c
+index 766aad2..205a226 100644
+--- a/host/xtest/regression_4000.c
++++ b/host/xtest/regression_4000.c
+@@ -5018,18 +5018,28 @@ static void xtest_tee_test_4011(ADBG_Case_t *c)
+ out, out_size, tmp, &tmp_size)))
+ goto out;
+
++ if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, tmp_size, <=, sizeof(tmp)))
++ goto out;
++
+ /* 4.1 */
+- for (n = 0; n < tmp_size; n++)
++ for (n = 0; n < tmp_size - i; n++)
+ if (tmp[n] == 0xff)
+ break;
++
++ /* Shall find at least a padding start before buffer end */
++ if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <, tmp_size - i - 1))
++ goto out;
++
+ for (m = n + 1; m < tmp_size; m++)
+ if (tmp[m] != 0xff)
+ break;
++
+ /* 4.2 */
+ memmove(tmp + n + i, tmp + m, tmp_size - m);
++
+ /* 4.3 */
+- for (n = n + tmp_size - m + i; n < tmp_size; n++)
+- tmp[n] = 0;
++ n = n + i + tmp_size - m;
++ memset(tmp + n, 0, tmp_size - n);
+
+ /* 5 */
+ out_size = sizeof(out);
+--
+2.7.4
+
--- /dev/null
+Upstream-Status: Backport 3.4.0
+
+Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
+---
+From 493574ad1f4f56dd63097a652b87c25c507ce99c Mon Sep 17 00:00:00 2001
+From: Etienne Carriere <etienne.carriere@linaro.org>
+Date: Fri, 21 Dec 2018 15:36:00 +0100
+Subject: [PATCH] xtest: prevent unexpected build warning with strncpy
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This change modifies adbg_run.c to prevent a false positive
+warning reported by GCC 8.2 on usage of strncpy():
+
+ build/optee_test/host/xtest/adbg/src/adbg_run.c: In function ‘Do_ADBG_AppendToSuite’:
+ build/optee_test/host/xtest/adbg/src/adbg_run.c:103:3: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
+ strncpy(p, Source_p->SuiteID_p, size);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ build/optee_test/host/xtest/adbg/src/adbg_run.c:88:9: note: length computed here
+ size = strlen(Source_p->SuiteID_p);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~
+ cc1: all warnings being treated as errors
+
+From [1]:
+ Using strncpy Safely
+ In general, it is not possible to avoid string truncation by strncpy
+ except by sizing the destination to be at least a byte larger than
+ the length of the source string. With that approach, however, using
+ strncpy becomes unnecessary and the function can be avoided in favor
+ of other APIs such as strcpy or (less preferably) memcpy. Much has
+ been written about the problems with strncpy and we recommend to
+ avoid it whenever possible. It is, however, worth keeping in mind
+ that unlike other standard string-handling functions, strncpy always
+ writes exactly as many characters as specified by the third argument;
+ if the source string is shorter, the function fills the remaining
+ bytes with NULs.
+
+This change prefers using a snprintf() as used in the alternate
+instruction block of the strncpy() call.
+
+[1] https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8/
+
+Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
+Signed-off-by: Simon Hughes <simon.hughes@arm.com>
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/adbg/src/adbg_run.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/host/xtest/adbg/src/adbg_run.c b/host/xtest/adbg/src/adbg_run.c
+index 406e429..2739db5 100644
+--- a/host/xtest/adbg/src/adbg_run.c
++++ b/host/xtest/adbg/src/adbg_run.c
+@@ -100,7 +100,7 @@ int Do_ADBG_AppendToSuite(
+ snprintf(p, size, "%s+%s", Dest_p->SuiteID_p,
+ Source_p->SuiteID_p);
+ else
+- strncpy(p, Source_p->SuiteID_p, size);
++ snprintf(p, size, "%s", Source_p->SuiteID_p);
+ free((void *)Dest_p->SuiteID_p);
+ Dest_p->SuiteID_p = p;
+
+--
+2.7.4
+
--- /dev/null
+# Copyright (C) 2017-2018 NXP
+
+SUMMARY = "OPTEE test"
+HOMEPAGE = "http://www.optee.org/"
+
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
+
+DEPENDS = "optee-os optee-client python-pycrypto-native openssl"
+inherit pythonnative
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRCBRANCH = "imx_4.14.78_1.0.0_ga"
+OPTEE_TEST_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https"
+
+SRC_URI = "${OPTEE_TEST_SRC};branch=${SRCBRANCH} \
+ file://0001-regression-4011-correct-potential-overflow.patch \
+ file://0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch \
+"
+
+S = "${WORKDIR}/git"
+
+SRCREV = "eb7f698da9a7fa1587f96aa92ad8668abb0f0f48"
+
+
+
+do_compile () {
+ if [ ${DEFAULTTUNE} = "aarch64" ];then
+ export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_arm64/
+ export ARCH=arm64
+ else
+ export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_arm32/
+ export ARCH=arm
+ fi
+ export OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr
+ export CROSS_COMPILE_HOST=${HOST_PREFIX}
+ export CROSS_COMPILE_TA=${HOST_PREFIX}
+ export CROSS_COMPILE=${HOST_PREFIX}
+ export OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/
+ oe_runmake V=1
+}
+
+do_install () {
+ install -d ${D}/usr/bin
+ install ${S}/out/xtest/xtest ${D}/usr/bin/
+
+ install -d ${D}/lib/optee_armtz
+ find ${S}/out/ta -name '*.ta' | while read name; do
+ install -m 444 $name ${D}/lib/optee_armtz/
+ done
+
+}
+
+FILES_${PN} = "/usr/bin/ /lib*/optee_armtz/"
+
+COMPATIBLE_MACHINE = "(mx6|mx7|mx8)"
