diff options
| author | Antonios Vamporakis <ant@area128.com> | 2013-12-31 02:57:01 +0100 |
|---|---|---|
| committer | Tom Rini <trini@ti.com> | 2014-01-14 09:01:05 -0500 |
| commit | 4d3b8a0d1b8665c190d502744e753ba05a047810 (patch) | |
| tree | 5d10a711dd745bb2d038d90db1606225ce2fba80 /lib/lzma | |
| parent | cddb6b8304bfbc34f43920051256de7fe6c4c0ab (diff) | |
| download | u-boot-4d3b8a0d1b8665c190d502744e753ba05a047810.tar.gz | |
lzma: fix buffer bound check error
Variable uncompressedSize references the space available, while outSizeFull is
the actual expected uncompressed size. Using the wrong value causes LzmaDecode
to return SZ_ERROR_INPUT_EOF. Problem was introduced in commit afca294. While
at it add additional debug message.
Signed-off-by: Antonios Vamporakis <ant@area128.com>
CC: Kees Cook <keescook@chromium.org>
CC: Simon Glass <sjg@chromium.org>
CC: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
CC: Luka Perkov <luka@openwrt.org>
Diffstat (limited to 'lib/lzma')
| -rw-r--r-- | lib/lzma/LzmaTools.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/lzma/LzmaTools.c b/lib/lzma/LzmaTools.c index 0aec2f9c76..90d31cdcf8 100644 --- a/lib/lzma/LzmaTools.c +++ b/lib/lzma/LzmaTools.c @@ -102,7 +102,7 @@ int lzmaBuffToBuffDecompress (unsigned char *outStream, SizeT *uncompressedSize, return SZ_ERROR_OUTPUT_EOF; /* Decompress */ - outProcessed = *uncompressedSize; + outProcessed = outSizeFull; WATCHDOG_RESET(); @@ -111,6 +111,9 @@ int lzmaBuffToBuffDecompress (unsigned char *outStream, SizeT *uncompressedSize, inStream + LZMA_DATA_OFFSET, &compressedSize, inStream, LZMA_PROPS_SIZE, LZMA_FINISH_END, &state, &g_Alloc); *uncompressedSize = outProcessed; + + debug("LZMA: Uncompresed ................ 0x%zx\n", outProcessed); + if (res != SZ_OK) { return res; } |