[U-Boot] [PATCH] lzma: fix buffer bound check error
Antonios Vamporakis
ant at area128.com
Tue Dec 31 02:57:01 CET 2013
Variable uncompressedSize references the space available, while outSizeFull is
the actual expected uncompressed size. Using the wrong value causes LzmaDecode
to return SZ_ERROR_INPUT_EOF. Problem was introduced in commit afca294. While
at it add additional debug message.
Signed-off-by: Antonios Vamporakis <ant at area128.com>
CC: Kees Cook <keescook at chromium.org>
CC: Simon Glass <sjg at chromium.org>
CC: Daniel Schwierzeck <daniel.schwierzeck at gmail.com>
CC: Luka Perkov <luka at openwrt.org>
---
lib/lzma/LzmaTools.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/lzma/LzmaTools.c b/lib/lzma/LzmaTools.c
index 0aec2f9..90d31cd 100644
--- a/lib/lzma/LzmaTools.c
+++ b/lib/lzma/LzmaTools.c
@@ -102,7 +102,7 @@ int lzmaBuffToBuffDecompress (unsigned char *outStream, SizeT *uncompressedSize,
return SZ_ERROR_OUTPUT_EOF;
/* Decompress */
- outProcessed = *uncompressedSize;
+ outProcessed = outSizeFull;
WATCHDOG_RESET();
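Review bot: with `outProcessed = outSizeFull;` the output limit handed to the decoder is no longer the caller's available space in `*uncompressedSize`, so nothing in this hunk by itself stops a write past the end of `outStream`. The only guard is the check ending in `return SZ_ERROR_OUTPUT_EOF;` just above, and its condition is outside the context shown here. Please confirm that it rejects every case where outSizeFull is larger than *uncompressedSize, including whatever value outSizeFull takes when the size is not known in advance. A one-line comment on the assignment stating that invariant would keep a later change from removing the check and quietly reopening the overflow.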
@@ -111,6 +111,9 @@ int lzmaBuffToBuffDecompress (unsigned char *outStream, SizeT *uncompressedSize,
inStream + LZMA_DATA_OFFSET, &compressedSize,
inStream, LZMA_PROPS_SIZE, LZMA_FINISH_END, &state, &g_Alloc);
*uncompressedSize = outProcessed;
+
+ debug("LZMA: Uncompresed ................ 0x%zx\n", outProcessed);
+
if (res != SZ_OK) {
return res;
}
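Review bot: the new debug string misspells "Uncompressed" as "Uncompresed" in `debug("LZMA: Uncompresed ................ 0x%zx\n", outProcessed);`, which will make the line hard to grep for. The message is also printed before the `if (res != SZ_OK)` test, so on a failed decode it reports a partial byte count with nothing to mark it as such. Either move it below the check or include res in the output. Separately, `%zx` is only correct if SizeT is size_t on every configuration this file builds for; please confirm that, or cast the argument.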
--
1.8.3.2