Commit 4d3b8a0d1b8665c190d502744e753ba05a047810

Authored by Antonios Vamporakis
Committed by Tom Rini
1 parent cddb6b8304

lzma: fix buffer bound check error

Variable uncompressedSize references the space available, while outSizeFull is
the actual expected uncompressed size. Using the wrong value causes LzmaDecode
to return SZ_ERROR_INPUT_EOF. Problem was introduced in commit afca294. While
at it add additional debug message.

Signed-off-by: Antonios Vamporakis <ant@area128.com>
CC: Kees Cook <keescook@chromium.org>
CC: Simon Glass <sjg@chromium.org>
CC: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
CC: Luka Perkov <luka@openwrt.org>

Showing 1 changed file with 4 additions and 1 deletion

lib/lzma/LzmaTools.c
... ... @@ -102,7 +102,7 @@
102 102 return SZ_ERROR_OUTPUT_EOF;
103 103  
104 104 /* Decompress */
105   - outProcessed = *uncompressedSize;
  105 + outProcessed = outSizeFull;
106 106  
107 107 WATCHDOG_RESET();
108 108  
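Review bot: The new assignment `outProcessed = outSizeFull;` at line 105 makes the output limit handed to LzmaDecode depend only on outSizeFull, so the destination buffer is protected solely by whatever condition guards the `return SZ_ERROR_OUTPUT_EOF;` at line 102, and that condition is not visible in this hunk. If any path can reach line 105 with outSizeFull greater than *uncompressedSize, the decoder is told it may write more than the caller's buffer holds. I would clamp instead, with something like `outProcessed = min(outSizeFull, *uncompressedSize);`, which still fixes the SZ_ERROR_INPUT_EOF case described in the commit message when the data fits. At minimum, add a comment on this line stating the invariant that the earlier check is expected to guarantee.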
... ... @@ -111,6 +111,9 @@
111 111 inStream + LZMA_DATA_OFFSET, &compressedSize,
112 112 inStream, LZMA_PROPS_SIZE, LZMA_FINISH_END, &state, &g_Alloc);
113 113 *uncompressedSize = outProcessed;
  114 +
  115 + debug("LZMA: Uncompresed ................ 0x%zx\n", outProcessed);
  116 +
114 117 if (res != SZ_OK) {
115 118 return res;
116 119 }
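Review bot: The debug string added at line 115 misspells "Uncompressed" as "Uncompresed", which will make the message harder to grep for. The message is also emitted before the `if (res != SZ_OK)` check, so on a failed decode it reports outProcessed as though it were the final uncompressed size; either move the debug() call below the check or include res in the output so a partial count can be told apart from a successful one.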