From 2c4e1f62f3b85930e291e269b762fe160177d8bf Mon Sep 17 00:00:00 2001
From: William Vinnicombe <william.vinnicombe@raspberrypi.com>
Date: Fri, 5 Dec 2025 15:23:11 +0000
Subject: [PATCH] Add buffer validation for nonsecure stdio

Prevents nonsecure code printing secure data
---
 src/rp2_common/pico_bootrom/bootrom.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/rp2_common/pico_bootrom/bootrom.c b/src/rp2_common/pico_bootrom/bootrom.c
index 11e7e71e..1b608ca6 100644
--- a/src/rp2_common/pico_bootrom/bootrom.c
+++ b/src/rp2_common/pico_bootrom/bootrom.c
@@ -504,6 +504,9 @@ int rom_default_callback(uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_
     switch (fn) {
     #if PICO_ALLOW_NONSECURE_STDIO
         case SECURE_CALL_stdio_out_chars: {
+            uint32_t ok = RCP_MASK_FALSE;
+            rom_validate_ns_buffer((char*)a, b, RCP_MASK_TRUE, &ok);
+            if (ok != RCP_MASK_TRUE) return BOOTROM_ERROR_NOT_PERMITTED;
             stdio_put_string((char*)a, b, false, true);
             stdio_flush();
             return BOOTROM_OK;