From 6548a7a98ea7ab01d8804c191809acfc68cc3b27 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 23 Jan 2025 02:44:17 +0000
Subject: [PATCH 1/3] Bump dawidd6/action-download-artifact from 7 to 8

Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 7 to 8.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/v7...v8)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/linux.yml   | 4 ++--
 .github/workflows/macos.yml   | 6 +++---
 .github/workflows/windows.yml | 6 +++---
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index 419c247570..9b0da0f647 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -12,13 +12,13 @@ jobs:
     runs-on: ubuntu-20.04
     if: github.event.workflow_run.conclusion == 'success'
     steps:
-      - uses: dawidd6/action-download-artifact@v7
+      - uses: dawidd6/action-download-artifact@v8
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
           name: output
 
-      - uses: dawidd6/action-download-artifact@v7
+      - uses: dawidd6/action-download-artifact@v8
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 44ae2d3522..ca51265a29 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -16,19 +16,19 @@ jobs:
         run: |
           brew install create-dmg
 
-      - uses: dawidd6/action-download-artifact@v7
+      - uses: dawidd6/action-download-artifact@v8
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
           name: output
 
-      - uses: dawidd6/action-download-artifact@v7
+      - uses: dawidd6/action-download-artifact@v8
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
           name: qemu_macos
 
-      - uses: dawidd6/action-download-artifact@v7
+      - uses: dawidd6/action-download-artifact@v8
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 8f056d2957..0b05ad6d27 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -12,19 +12,19 @@ jobs:
     runs-on: ubuntu-20.04
     if: github.event.workflow_run.conclusion == 'success'
     steps:
-      - uses: dawidd6/action-download-artifact@v7
+      - uses: dawidd6/action-download-artifact@v8
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
           name: output
 
-      - uses: dawidd6/action-download-artifact@v7
+      - uses: dawidd6/action-download-artifact@v8
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
           name: qemu_w64
 
-      - uses: dawidd6/action-download-artifact@v7
+      - uses: dawidd6/action-download-artifact@v8
         with:
           workflow: main_ci.yml
           workflow_conclusion: success

From bc88a4740f9acabcf927bb349cf364c7df1fe9bc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Feb 2025 03:01:44 +0000
Subject: [PATCH 2/3] Bump dawidd6/action-download-artifact from 8 to 9

Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 8 to 9.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/v8...v9)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/linux.yml   | 4 ++--
 .github/workflows/macos.yml   | 6 +++---
 .github/workflows/windows.yml | 6 +++---
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index 9b0da0f647..ec4fa8b731 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -12,13 +12,13 @@ jobs:
     runs-on: ubuntu-20.04
     if: github.event.workflow_run.conclusion == 'success'
     steps:
-      - uses: dawidd6/action-download-artifact@v8
+      - uses: dawidd6/action-download-artifact@v9
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
           name: output
 
-      - uses: dawidd6/action-download-artifact@v8
+      - uses: dawidd6/action-download-artifact@v9
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index ca51265a29..c31cdf2f83 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -16,19 +16,19 @@ jobs:
         run: |
           brew install create-dmg
 
-      - uses: dawidd6/action-download-artifact@v8
+      - uses: dawidd6/action-download-artifact@v9
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
           name: output
 
-      - uses: dawidd6/action-download-artifact@v8
+      - uses: dawidd6/action-download-artifact@v9
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
           name: qemu_macos
 
-      - uses: dawidd6/action-download-artifact@v8
+      - uses: dawidd6/action-download-artifact@v9
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 0b05ad6d27..8aeda074a9 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -12,19 +12,19 @@ jobs:
     runs-on: ubuntu-20.04
     if: github.event.workflow_run.conclusion == 'success'
     steps:
-      - uses: dawidd6/action-download-artifact@v8
+      - uses: dawidd6/action-download-artifact@v9
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
           name: output
 
-      - uses: dawidd6/action-download-artifact@v8
+      - uses: dawidd6/action-download-artifact@v9
         with:
           workflow: main_ci.yml
           workflow_conclusion: success
           name: qemu_w64
 
-      - uses: dawidd6/action-download-artifact@v8
+      - uses: dawidd6/action-download-artifact@v9
         with:
           workflow: main_ci.yml
           workflow_conclusion: success

From e19f5117509b135100235c6bb99f6171307af87a Mon Sep 17 00:00:00 2001
From: Mrcopytuo <920411694@qq.com>
Date: Fri, 12 Dec 2025 17:35:37 +0800
Subject: [PATCH 3/3] tss: Reset size/count fields on unmarshaling failures to
 prevent reuse of invalid lengths

---
 .../tss2/ibmtpm20tss/utils/Commands12.c       |  7 ++++++
 .../libstb/tss2/ibmtpm20tss/utils/Unmarshal.c | 24 +++++++++++++++++++
 .../tss2/ibmtpm20tss/utils/Unmarshal12.c      |  7 ++++++
 .../libstb/tss2/ibmtpm20tss/utils/eventlib.c  |  5 ++++
 .../tss2/ibmtpm20tss/utils/tssmarshal12.c     |  6 +++++
 5 files changed, 49 insertions(+)

diff --git a/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Commands12.c b/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Commands12.c
index 44e3d0ae8b..ae517bf352 100644
--- a/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Commands12.c
+++ b/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Commands12.c
@@ -68,6 +68,7 @@ ActivateIdentity_In_Unmarshal(ActivateIdentity_In *target, BYTE **buffer, uint32
     if (rc == 0) {
 	if (target->blobSize > sizeof(target->blob)) {
 	    rc = TPM_RC_SIZE;
+	    target->blobSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -181,6 +182,7 @@ GetCapability12_In_Unmarshal(GetCapability12_In *target, BYTE **buffer, uint32_t
     if (rc == 0) {
 	if (target->subCapSize > sizeof(target->subCap)) {
 	    rc = TPM_RC_SIZE;
+	    target->subCapSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -326,6 +328,7 @@ NV_WriteValue_In_Unmarshal(NV_WriteValue_In *target, BYTE **buffer, uint32_t *si
     if (rc == 0) {
 	if (target->dataSize > sizeof(target->data)) {
 	    rc = TPM_RC_SIZE;
+		target->dataSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -360,6 +363,7 @@ NV_WriteValueAuth_In_Unmarshal(NV_WriteValueAuth_In *target, BYTE **buffer, uint
     if (rc == 0) {
 	if (target->dataSize > sizeof(target->data)) {
 	    rc = TPM_RC_SIZE;
+		target->dataSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -516,6 +520,7 @@ Sign12_In_Unmarshal(Sign12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE
     if (rc == 0) {
 	if (target->areaToSignSize > sizeof(target->areaToSign)) {
 	    rc = TPM_RC_SIZE;
+	    target->areaToSignSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -563,6 +568,7 @@ TakeOwnership_In_Unmarshal(TakeOwnership_In *target, BYTE **buffer, uint32_t *si
      if (rc == 0) {
 	 if (target->encOwnerAuthSize > sizeof(target->encOwnerAuth)) {
 	    rc = TPM_RC_SIZE;
+	    target->encOwnerAuthSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -580,6 +586,7 @@ TakeOwnership_In_Unmarshal(TakeOwnership_In *target, BYTE **buffer, uint32_t *si
     if (rc == 0) {
 	if (target->encSrkAuthSize > sizeof(target->encSrkAuth)) {
 	    rc = TPM_RC_SIZE;
+	    target->encSrkAuthSize = 0;
 	}
     }    
     if (rc == 0) {
diff --git a/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Unmarshal.c b/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Unmarshal.c
index 70dacda3e3..ccb1fc9f1f 100644
--- a/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Unmarshal.c
+++ b/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Unmarshal.c
@@ -192,6 +192,7 @@ TSS_TPM2B_Unmarshalu(TPM2B *target, uint16_t targetSize, BYTE **buffer, uint32_t
     if (rc == TPM_RC_SUCCESS) {
 	if (target->size > targetSize) {
 	    rc = TPM_RC_SIZE;
+	    target->size = 0;
 	}
     }
     if (rc == TPM_RC_SUCCESS) {
@@ -1601,6 +1602,7 @@ TSS_TPML_CC_Unmarshalu(TPML_CC *target, BYTE **buffer, uint32_t *size)
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > MAX_CAP_CC) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1623,6 +1625,7 @@ TSS_TPML_CCA_Unmarshalu(TPML_CCA *target, BYTE **buffer, uint32_t *size)
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > MAX_CAP_CC) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1645,6 +1648,7 @@ TSS_TPML_ALG_Unmarshalu(TPML_ALG *target, BYTE **buffer, uint32_t *size)
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > MAX_ALG_LIST_SIZE) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1667,6 +1671,7 @@ TSS_TPML_HANDLE_Unmarshalu(TPML_HANDLE *target, BYTE **buffer, uint32_t *size)
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > MAX_CAP_HANDLES) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1693,11 +1698,13 @@ TSS_TPML_DIGEST_Unmarshalu(TPML_DIGEST *target, BYTE **buffer, uint32_t *size, u
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count < minCount) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > 8) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1720,6 +1727,7 @@ TSS_TPML_DIGEST_VALUES_Unmarshalu(TPML_DIGEST_VALUES *target, BYTE **buffer, uin
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > HASH_COUNT) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1742,6 +1750,7 @@ TSS_TPML_PCR_SELECTION_Unmarshalu(TPML_PCR_SELECTION *target, BYTE **buffer, uin
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > HASH_COUNT) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1764,6 +1773,7 @@ TSS_TPML_ALG_PROPERTY_Unmarshalu(TPML_ALG_PROPERTY *target, BYTE **buffer, uint3
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > MAX_CAP_ALGS) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1786,6 +1796,7 @@ TSS_TPML_TAGGED_TPM_PROPERTY_Unmarshalu(TPML_TAGGED_TPM_PROPERTY  *target, BYTE
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > MAX_TPM_PROPERTIES) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1808,6 +1819,7 @@ TSS_TPML_TAGGED_PCR_PROPERTY_Unmarshalu(TPML_TAGGED_PCR_PROPERTY *target, BYTE *
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > MAX_PCR_PROPERTIES) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1830,6 +1842,7 @@ TSS_TPML_ECC_CURVE_Unmarshalu(TPML_ECC_CURVE *target, BYTE **buffer, uint32_t *s
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > MAX_ECC_CURVES) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1852,6 +1865,7 @@ TSS_TPML_TAGGED_POLICY_Unmarshalu(TPML_TAGGED_POLICY *target, BYTE **buffer, uin
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > MAX_TAGGED_POLICIES) {
 	    rc = TPM_RC_SIZE;
+        target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2439,6 +2453,7 @@ TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(TPM2B_SENSITIVE_CREATE *target, BYTE **buf
     if (rc == TPM_RC_SUCCESS) {
 	if (target->size == 0) {
 	    rc = TPM_RC_SIZE;
+        target->size = 0;
 	}
     }
     if (rc == TPM_RC_SUCCESS) {
@@ -2450,6 +2465,7 @@ TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(TPM2B_SENSITIVE_CREATE *target, BYTE **buf
     if (rc == TPM_RC_SUCCESS) {
 	if (target->size != startSize - *size) {
 	    rc = TPM_RC_SIZE;
+        target->size = 0;
 	}
     }
     return rc;
@@ -3134,6 +3150,7 @@ TSS_TPM2B_ECC_POINT_Unmarshalu(TPM2B_ECC_POINT *target, BYTE **buffer, uint32_t
     if (rc == TPM_RC_SUCCESS) {
 	if (target->size == 0) {
 	    rc = TPM_RC_SIZE;
+        target->size = 0;
 	}
     }
     if (rc == TPM_RC_SUCCESS) {
@@ -3145,6 +3162,7 @@ TSS_TPM2B_ECC_POINT_Unmarshalu(TPM2B_ECC_POINT *target, BYTE **buffer, uint32_t
     if (rc == TPM_RC_SUCCESS) {
 	if (target->size != startSize - *size) {
 	    rc = TPM_RC_SIZE;
+        target->size = 0;
 	}
     }
     return rc;
@@ -3641,6 +3659,7 @@ TSS_TPM2B_PUBLIC_Unmarshalu(TPM2B_PUBLIC *target, BYTE **buffer, uint32_t *size,
     if (rc == TPM_RC_SUCCESS) {
 	if (target->size == 0) {
 	    rc = TPM_RC_SIZE;
+        target->size = 0;
 	}
     }
     if (rc == TPM_RC_SUCCESS) {
@@ -3652,6 +3671,7 @@ TSS_TPM2B_PUBLIC_Unmarshalu(TPM2B_PUBLIC *target, BYTE **buffer, uint32_t *size,
     if (rc == TPM_RC_SUCCESS) {
 	if (target->size != startSize - *size) {
 	    rc = TPM_RC_SIZE;
+        target->size = 0;
 	}
     }
     return rc;
@@ -3748,6 +3768,7 @@ TSS_TPM2B_SENSITIVE_Unmarshalu(TPM2B_SENSITIVE *target, BYTE **buffer, uint32_t
 	if (rc == TPM_RC_SUCCESS) {
 	    if (target->t.size != startSize - *size) {
 		rc = TPM_RC_SIZE;
+        target->t.size = 0;
 	    }
 	}
     }
@@ -3839,6 +3860,7 @@ TSS_TPM2B_NV_PUBLIC_Unmarshalu(TPM2B_NV_PUBLIC *target, BYTE **buffer, uint32_t
     if (rc == TPM_RC_SUCCESS) {
 	if (target->size == 0) {
 	    rc = TPM_RC_SIZE;
+        target->size = 0;
 	}
     }
     if (rc == TPM_RC_SUCCESS) {
@@ -3850,6 +3872,7 @@ TSS_TPM2B_NV_PUBLIC_Unmarshalu(TPM2B_NV_PUBLIC *target, BYTE **buffer, uint32_t
     if (rc == TPM_RC_SUCCESS) {
 	if (target->size != startSize - *size) {
 	    rc = TPM_RC_SIZE;
+        target->size = 0;
 	}
     }
     return rc;
@@ -3979,6 +4002,7 @@ TSS_TPM2B_CREATION_DATA_Unmarshalu(TPM2B_CREATION_DATA *target, BYTE **buffer, u
     if (rc == TPM_RC_SUCCESS) {
 	if (target->size != startSize - *size) {
 	    rc = TPM_RC_SIZE;
+        target->size = 0;
 	}
     }
     return rc;
diff --git a/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Unmarshal12.c b/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Unmarshal12.c
index 34a4bb1c05..120db7de15 100644
--- a/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Unmarshal12.c
+++ b/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/Unmarshal12.c
@@ -121,6 +121,7 @@ TSS_TPM_PCR_SELECTION_Unmarshalu(TPM_PCR_SELECTION *target, BYTE **buffer, uint3
     if (rc == 0) {
 	if (target->sizeOfSelect > sizeof(target->pcrSelect)) {
 	    rc = TPM_RC_SIZE;
+	    target->sizeOfSelect = 0;
 	}
     }    
     if (rc == 0) {
@@ -219,6 +220,7 @@ TSS_TPM_SYMMETRIC_KEY_Unmarshalu(TPM_SYMMETRIC_KEY *target, BYTE **buffer, uint3
     if (rc == 0) {
 	if (target->size > sizeof(target->data)) {
 	    rc = TPM_RC_SIZE;
+	    target->size = 0;
 	}
     }    
     if (rc == 0) {
@@ -245,6 +247,7 @@ TSS_TPM_RSA_KEY_PARMS_Unmarshalu(TPM_RSA_KEY_PARMS *target, BYTE **buffer, uint3
     if (rc == 0) {
 	if (target->exponentSize > sizeof(target->exponent)) {
 	    rc = TPM_RC_SIZE;
+	    target->exponentSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -360,6 +363,7 @@ TSS_TPM_STORE_PUBKEY_Unmarshalu(TPM_STORE_PUBKEY *target, BYTE **buffer, uint32_
     if (rc == 0) {
 	if (target->keyLength > sizeof(target->key)) {
 	    rc = TPM_RC_SIZE;
+	    target->keyLength = 0;
 	}
     }    
     if (rc == 0) {
@@ -457,6 +461,7 @@ TSS_TPM_CAP_VERSION_INFO_Unmarshalu(TPM_CAP_VERSION_INFO *target, BYTE **buffer,
     if (rc == 0) {
 	if (target->vendorSpecificSize > sizeof(target->vendorSpecific)) {
 	    rc = TPM_RC_SIZE;
+	    target->vendorSpecificSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -493,6 +498,7 @@ TSS_TPM_DA_INFO_Unmarshalu(TPM_DA_INFO *target, BYTE **buffer, uint32_t *size)
     if (rc == 0) {
 	if (target->vendorDataSize > sizeof(target->vendorData)) {
 	    rc = TPM_RC_SIZE;
+        target->vendorDataSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -520,6 +526,7 @@ TSS_TPM_DA_INFO_LIMITED_Unmarshalu(TPM_DA_INFO_LIMITED *target, BYTE **buffer, u
     if (rc == 0) {
 	if (target->vendorDataSize > sizeof(target->vendorData)) {
 	    rc = TPM_RC_SIZE;
+        target->vendorDataSize = 0;
 	}
     }    
     if (rc == 0) {
diff --git a/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/eventlib.c b/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/eventlib.c
index b887e1122b..e8765cec82 100644
--- a/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/eventlib.c
+++ b/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/eventlib.c
@@ -224,6 +224,7 @@ TPM_RC TSS_EVENT_Line_Unmarshal(TCG_PCR_EVENT *target, BYTE **buffer, uint32_t *
     if (rc == 0) {
 	if (target->eventDataSize > sizeof(target->event)) {
 	    rc = TPM_RC_SIZE;
+	    target->eventDataSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -254,6 +255,7 @@ TPM_RC TSS_EVENT_Line_LE_Unmarshal(TCG_PCR_EVENT *target, BYTE **buffer, uint32_
     if (rc == 0) {
 	if (target->eventDataSize > sizeof(target->event)) {
 	    rc = TPM_RC_SIZE;
+	    target->eventDataSize = 0;
 	}
     }
     if (rc == 0) {
@@ -661,6 +663,7 @@ TPM_RC TSS_EVENT2_Line_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, uint32_t
     if (rc == 0) {
 	if (target->eventSize > sizeof(target->event)) {
 	    rc = TPM_RC_SIZE;
+	    target->eventSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -692,6 +695,7 @@ TPM_RC TSS_EVENT2_Line_LE_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, uint3
     if (rc == 0) {
 	if (target->eventSize > sizeof(target->event)) {
 	    rc = TPM_RC_SIZE;
+	    target->eventSize = 0;
 	}
     }
     if (rc == 0) {
@@ -938,6 +942,7 @@ TSS_TPML_DIGEST_VALUES_LE_Unmarshalu(TPML_DIGEST_VALUES *target, BYTE **buffer,
     if (rc == TPM_RC_SUCCESS) {
 	if (target->count > HASH_COUNT) {
 	    rc = TPM_RC_SIZE;
+	    target->count = 0;
 	}
     }
     for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
diff --git a/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/tssmarshal12.c b/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/tssmarshal12.c
index 43d6b553b4..6e4510df83 100644
--- a/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/tssmarshal12.c
+++ b/qemu-8.0.0/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/tssmarshal12.c
@@ -480,6 +480,7 @@ TSS_GetCapability12_Out_Unmarshalu(GetCapability12_Out *target, TPM_ST tag, BYTE
     if (rc == 0) {
 	if (target->respSize > sizeof(target->resp)) {
 	    rc = TPM_RC_SIZE;
+	    target->respSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -513,6 +514,7 @@ TSS_MakeIdentity_Out_Unmarshalu(MakeIdentity_Out *target, TPM_ST tag, BYTE **buf
     if (rc == 0) {
 	if (target->identityBindingSize > sizeof(target->identityBinding)) {
 	    rc = TPM_RC_SIZE;
+	    target->identityBindingSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -532,6 +534,7 @@ TSS_NV_ReadValueAuth_Out_Unmarshalu(NV_ReadValueAuth_Out *target, TPM_ST tag, BY
     if (rc == 0) {
 	if (target->dataSize > sizeof(target->data)) {
 	    rc = TPM_RC_SIZE;
+        target->dataSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -551,6 +554,7 @@ TSS_NV_ReadValue_Out_Unmarshalu(NV_ReadValue_Out *target, TPM_ST tag, BYTE **buf
     if (rc == 0) {
 	if (target->dataSize > sizeof(target->data)) {
 	    rc = TPM_RC_SIZE;
+	    target->dataSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -632,6 +636,7 @@ TSS_Quote2_Out_Unmarshalu(Quote2_Out *target, TPM_ST tag, BYTE **buffer, uint32_
     if (rc == 0) {
 	if (target->sigSize > sizeof(target->sig)) {
 	    rc = TPM_RC_SIZE;
+	    target->sigSize = 0;
 	}
     }    
     if (rc == 0) {
@@ -651,6 +656,7 @@ TSS_Sign12_Out_Unmarshalu(Sign12_Out *target, TPM_ST tag, BYTE **buffer, uint32_
     if (rc == 0) {
 	if (target->sigSize > sizeof(target->sig)) {
 	    rc = TPM_RC_SIZE;
+	    target->sigSize = 0;
 	}
     }    
     if (rc == 0) {