[PATCH] lib: zlib: Remove offset pointer optimization in inftrees.c

Tom Rini trini at konsulko.com
Fri Jul 17 22:57:43 CEST 2020


On Wed, Jun 24, 2020 at 04:31:08PM +0800, Ley Foon Tan wrote:

> From: Chin Liang See <chin.liang.see at intel.com>
> 
> This fixes the CVE-2016-9840. Commit imported from [1].
> 
> inftrees.c was subtracting an offset from a pointer to an array,
> in order to provide a pointer that allowed indexing starting at
> the offset. This is not compliant with the C standard, for which
> the behavior of a pointer decremented before its allocated memory
> is undefined. Per the recommendation of a security audit of the
> zlib code by Trail of Bits and TrustInSoft, in support of the
> Mozilla Foundation, this tiny optimization was removed, in order
> to avoid the possibility of undefined behavior.
> 
> [1]: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
> 
> Signed-off-by: Mark Adler <madler at alumni.caltech.edu>
> Signed-off-by: Chin Liang See <chin.liang.see at intel.com>
> Signed-off-by: Ley Foon Tan <ley.foon.tan at intel.com>

Applied to u-boot/master, thanks!

-- 
Tom
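
The pattern the quoted commit message describes, as an added example that is not part of the original thread and is not zlib's or U-Boot's code. The function name `length_base` and the sample inputs are assumptions made for illustration; the table holds the DEFLATE length-code base values from RFC 1951.

```c
#include <stddef.h>
#include <stdio.h>

/* Base match lengths for DEFLATE length codes 257..285 (RFC 1951, 3.2.5). */
#define FIRST_LEN_CODE 257
static const unsigned short len_base[29] = {
    3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
    35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258
};
#define N_LEN_CODES (sizeof len_base / sizeof len_base[0])

/*
 * Offset-pointer pattern, shown only as a comment and never compiled:
 *
 *     const unsigned short *base = len_base - FIRST_LEN_CODE;
 *     return base[sym];
 *
 * The subtraction alone forms a pointer before the start of the array,
 * which is undefined in C (C11 6.5.6p8) even if every later access
 * base[sym] would land inside len_base.
 */

/* Defined-behaviour form: rebase the index, never the pointer.
 * Returns the base length, or -1 if sym is not a length code. */
int length_base(unsigned sym)
{
    if (sym < FIRST_LEN_CODE)
        return -1;                      /* literal or end-of-block symbol */
    size_t idx = sym - FIRST_LEN_CODE;  /* cannot wrap after the check above */
    if (idx >= N_LEN_CODES)
        return -1;                      /* beyond the end of the table */
    return len_base[idx];
}

int main(void)
{
    unsigned samples[] = { 256, 257, 264, 285, 286 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sym %u -> %d\n", samples[i], length_base(samples[i]));
    return 0;
}
```

Building a test harness like this with `-fsanitize=undefined` is one way to have the compiler's runtime flag out-of-bounds pointer arithmetic if the offset-pointer form is ever reintroduced.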