diff options
| author | Julius Werner <jwerner@chromium.org> | 2016-02-08 11:46:22 -0800 |
|---|---|---|
| committer | Julius Werner <jwerner@chromium.org> | 2016-02-12 22:00:55 +0100 |
| commit | a25b5d257dbfbff808b19bf8c48565435e6bef9d (patch) | |
| tree | a6e818cf02d087ba8173081f0f8cbba1cac67908 /src/lib/lzma.c | |
| parent | d189987fc923daf0709c69946b4a267cb2c374af (diff) | |
lzma: Port size-checking ulzman() version to coreboot
We've had a second version of ulzma() that would check the input and
output buffer sizes in libpayload for a while now. Since it's generally
never a bad idea to double-check for overruns, let's port it to coreboot
and use it where applicable. (This requires a small fix in the four byte
at a time read optimization we only have in coreboot, since it made the
stream counter hit the end a little earlier than the algorithm liked and
could trigger an assertion.)
BRANCH=None
BUG=None
TEST=Booted Oak, Jerry and Falco.
Change-Id: Id566b31dfa896ea1b991badf5a6ad9d075aef987
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/13637
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'src/lib/lzma.c')
| -rw-r--r-- | src/lib/lzma.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/src/lib/lzma.c b/src/lib/lzma.c index c04f4a4040..5566cd5dfc 100644 --- a/src/lib/lzma.c +++ b/src/lib/lzma.c @@ -16,9 +16,10 @@ #include "lzmadecode.h" -unsigned long ulzma(unsigned char * src, unsigned char * dst) +size_t ulzman(const void *src, size_t srcn, void *dst, size_t dstn) { unsigned char properties[LZMA_PROPERTIES_SIZE]; + const int data_offset = LZMA_PROPERTIES_SIZE + 8; UInt32 outSize; SizeT inProcessed; SizeT outProcessed; @@ -26,7 +27,7 @@ unsigned long ulzma(unsigned char * src, unsigned char * dst) CLzmaDecoderState state; SizeT mallocneeds; MAYBE_STATIC unsigned char scratchpad[15980]; - unsigned char *cp; + const unsigned char *cp; /* Note: these timestamps aren't useful for memory-mapped media (x86) */ timestamp_add_now(TS_START_ULZMA); @@ -37,7 +38,8 @@ unsigned long ulzma(unsigned char * src, unsigned char * dst) * byte and re-construct. */ cp = src + LZMA_PROPERTIES_SIZE; outSize = cp[3] << 24 | cp[2] << 16 | cp[1] << 8 | cp[0]; - if (LzmaDecodeProperties(&state.Properties, properties, LZMA_PROPERTIES_SIZE) != LZMA_RESULT_OK) { + if (LzmaDecodeProperties(&state.Properties, properties, + LZMA_PROPERTIES_SIZE) != LZMA_RESULT_OK) { printk(BIOS_WARNING, "lzma: Incorrect stream properties.\n"); return 0; } @@ -47,8 +49,8 @@ unsigned long ulzma(unsigned char * src, unsigned char * dst) return 0; } state.Probs = (CProb *)scratchpad; - res = LzmaDecode(&state, src + LZMA_PROPERTIES_SIZE + 8, (SizeT)0xffffffff, &inProcessed, - dst, outSize, &outProcessed); + res = LzmaDecode(&state, src + data_offset, srcn - data_offset, + &inProcessed, dst, outSize, &outProcessed); if (res != 0) { printk(BIOS_WARNING, "lzma: Decoding error = %d\n", res); return 0; @@ -56,3 +58,8 @@ unsigned long ulzma(unsigned char * src, unsigned char * dst) timestamp_add_now(TS_END_ULZMA); return outProcessed; } + +size_t ulzma(const void *src, void *dst) +{ + return ulzman(src, ~(size_t)0, dst, ~(size_t)0); +} |