3 files changed, 45 insertions, 46 deletions

diff --git a/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch b/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch
deleted file mode 100644
index 4fd36ab8ab..0000000000
--- a/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From b1d7cc6495c541cdd99399b4d1a835997376dcbf Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 22 Aug 2022 23:42:33 -0700
-Subject: [PATCH] strpbrk_s: Remove unused variable len
-
-Fixes
-error: variable 'len' set but not used [-Werror,-Wunused-but-set-variable]
-
-Upstream-Status: Submitted [https://github.com/rurban/safeclib/pull/123]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- src/extstr/strpbrk_s.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/extstr/strpbrk_s.c b/src/extstr/strpbrk_s.c
-index 5bb7a0f8..2cf8a8be 100644
---- a/src/extstr/strpbrk_s.c
-+++ b/src/extstr/strpbrk_s.c
-@@ -79,7 +79,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen,
- #endif
- {
-     char *ps;
--    rsize_t len;
- 
-     CHK_SRC_NULL("strpbrk_s", firstp)
-     *firstp = NULL;
-@@ -121,7 +120,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen,
-     while (*dest && dmax) {
- 
-         ps = src;
--        len = slen;
-         while (*ps) {
- 
-             /* check for a match with the substring */
-@@ -130,7 +128,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen,
-                 return RCNEGATE(EOK);
-             }
-             ps++;
--            len--;
-         }
-         dest++;
-         dmax--;
diff --git a/meta-oe/recipes-core/safec/safec/0001-vsnprintf_s-Increase-Buffer-Size-by-1.patch b/meta-oe/recipes-core/safec/safec/0001-vsnprintf_s-Increase-Buffer-Size-by-1.patch
new file mode 100644
index 0000000000..5617aeb368
--- /dev/null
+++ b/meta-oe/recipes-core/safec/safec/0001-vsnprintf_s-Increase-Buffer-Size-by-1.patch
@@ -0,0 +1,41 @@
+From dca9a17c75c7442060c08fdced4e4b0c8d2babae Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 13 Aug 2025 20:23:48 -0700
+Subject: [PATCH] vsnprintf_s: Increase Buffer Size by 1
+
+It is a buffer overflow warning that GCC 15.2 is catching.
+The issue is that it's trying to write to `buf[len++]` when len could
+potentially be 31, which would write to buf[31] in a buffer of size 32
+(valid indices 0-31), but the len++ post-increment means it could
+theoretically write beyond the buffer bounds.
+
+Fixes
+
+../../sources/safec-3.9.1/src/str/vsnprintf_s.c: In function 'safec_ftoa.isra':
+../../sources/safec-3.9.1/src/str/vsnprintf_s.c:523:24: error: writing 32 bytes into a region of size 31 [-Werror=stringop-overflow=]
+  523 |             buf[len++] = '0';
+      |             ~~~~~~~~~~~^~~~~
+../../sources/safec-3.9.1/src/str/vsnprintf_s.c:394:10: note: at offset [1, 32] into destination object 'buf' of size 32
+  394 |     char buf[PRINTF_FTOA_BUFFER_SIZE];
+      |          ^~~
+cc1: all warnings being treated as errors
+
+Upstream-Status: Submitted [https://github.com/rurban/safeclib/pull/148]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/str/vsnprintf_s.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/str/vsnprintf_s.c b/src/str/vsnprintf_s.c
+index fa53ab42..0b62c3cb 100644
+--- a/src/str/vsnprintf_s.c
++++ b/src/str/vsnprintf_s.c
+@@ -391,7 +391,7 @@ static size_t safec_ftoa(out_fct_type out, const char *funcname, char *buffer,
+                          size_t idx, size_t maxlen, double value,
+                          unsigned int prec, unsigned int width,
+                          unsigned int flags) {
+-    char buf[PRINTF_FTOA_BUFFER_SIZE];
++    char buf[PRINTF_FTOA_BUFFER_SIZE + 1]; // Add extra byte for safety
+     size_t len = 0U, off = 0U;
+     double tmp;
+     double diff = 0.0;
diff --git a/meta-oe/recipes-core/safec/safec_3.7.1.bb b/meta-oe/recipes-core/safec/safec_3.9.1.bb
index 4de58f5d63..3635476d1c 100644
--- a/meta-oe/recipes-core/safec/safec_3.7.1.bb
+++ b/meta-oe/recipes-core/safec/safec_3.9.1.bb
@@ -6,10 +6,10 @@ SECTION = "lib"
 
 inherit autotools pkgconfig
 
-SRCREV = "f9add9245b97c7bda6e28cceb0ee37fb7e254fd8"
-SRC_URI = "git://github.com/rurban/safeclib.git;branch=master;protocol=https \
-           file://0001-strpbrk_s-Remove-unused-variable-len.patch \
-           "
+SRCREV = "39a0a819f80853498e48a6e601a446a122b64aaa"
+SRC_URI = "git://github.com/rurban/safeclib.git;branch=master;protocol=https;tag=v${PV} \
+           file://0001-vsnprintf_s-Increase-Buffer-Size-by-1.patch \
+                  "
 # arm-yoe-linux-gnueabi-clang: error: argument unused during compilation: '-mretpoline' [-Werror,-Wunused-command-line-argument]
 # arm-yoe-linux-gnueabi-clang: error: argument unused during compilation: '-fstack-clash-protection' [-Werror,-Wunused-command-line-argument]
 TUNE_CCARGS:append:toolchain-clang = " -Qunused-arguments"