summaryrefslogtreecommitdiff
path: root/payloads/libpayload/liblzma/lzma.c
AgeCommit message (Collapse)Author
2020-02-24libpayload: Fix out-of-bounds readAlex Rebert
Fix an out-of-bounds read in the LZMA decoder which happens when the src buffer is too small to contain the 13-byte LZMA header. Change-Id: Ie442f82cd1abcf7fa18295e782cccf26a7d30079 Signed-off-by: Alex Rebert <alexandre.rebert@gmail.com> Found-by: Mayhem Reviewed-on: https://review.coreboot.org/c/coreboot/+/39033 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2016-08-08libpayload: lzma: Allocate scratchpad on the heapJulius Werner
Allocating a 15980-byte scratchpad on the stack when your default stack size is set to 16KB is really not a great idea. We're regularly overflowing into the end of our heap when using LZMA in libpayload, and just happen not to notice it because the heap rarely gets filled up all the way. Of course, since we always *have* a heap in libpayload, the much saner solution is to just use it directly to allocate the scratchpad rather than accidentally grow backwards into it anyway. Change-Id: Ibe4f02057a32bd156a126302178fa6fcab637d2c Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/16089 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2015-07-06lzma: Return correct amount of decompressed bytesJulius Werner
The LZMA functions are supposed to return the decompressed size, but what they actually return is just an unaltered field from the LZMA header that is *supposed* to contain the decompressed size. Apparently some encoders just overshoot that for no good reason. This patch changes the code such that the actual amount of decompressed bytes is returned. BRANCH=smaug BUG=None TEST=Printed output bytes when decompressing kernels with LZMA in depthcharge, noted that amounts now make sense. Change-Id: Icdd8f782aa87841f770eff4c14a08973530c7446 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 24b2fa8c9a342ca4288dad1430c8965395f00263 Original-Change-Id: Ib4cf8673846aedd34656e594ce7b8ea875b56099 Original-Signed-off-by: Julius Werner <jwerner@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/282742 Original-Reviewed-by: Stefan Reinauer <reinauer@google.com> Original-Reviewed-by: Patrick Georgi <pgeorgi@chromium.org> Reviewed-on: http://review.coreboot.org/10777 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2014-08-10LZMA: Add a version of ulzma which takes the input and output buffer sizes.Gabe Black
This new version is used to implement the version which doesn't take the input and output buffer sizes. Old-Change-Id: I8935024aca0849bc939263d7fc3036c586e63c68 Signed-off-by: Gabe Black <gabeblack@google.com> Reviewed-on: https://gerrit.chromium.org/gerrit/65510 Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Stefan Reinauer <reinauer@google.com> Tested-by: Gabe Black <gabeblack@chromium.org> Commit-Queue: Gabe Black <gabeblack@chromium.org> (cherry picked from commit 465d167ad2f6a67d0b2c91fb6c68c8f9a09dd395) libpayload: Make lzma truncation non-fatal. If the size the lzma header claims it needs is bigger than the space we have, print a message and continue rather than erroring out. Apparently the encoder is lazy sometimes and just puts a large value there regardless of what the actual size is. This was the original intention for this code, but an outdated version of the patch ended up being submitted. Old-Change-Id: Ibcf7ac0fd4b65ce85377421a4ee67b82d92d29d3 Signed-off-by: Gabe Black <gabeblack@google.com> Reviewed-on: https://gerrit.chromium.org/gerrit/66235 Reviewed-by: Stefan Reinauer <reinauer@google.com> Commit-Queue: Gabe Black <gabeblack@chromium.org> Tested-by: Gabe Black <gabeblack@chromium.org> (cherry picked from commit 30c628eeada274fc8b94f8f69f9df4f33cbfc773) Squashed two related commits and updated the commit message to be more clear. Change-Id: I484b5c1e3809781033d146609a35a9e5e666c8ed Signed-off-by: Isaac Christensen <isaac.christensen@se-eng.com> Reviewed-on: http://review.coreboot.org/6408 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <patrick@georgi-clan.de>
2013-03-13libpayload: Don't do unaligned accesses during LZMA decompressionGabe Black
Use memcpy to access a uint32_t that's inherently unaligned due to the layout of the LZMA header format. Built and booted on Daisy and saw a data abort go away. Built and booted into developer mode on Link and verified that bitmaps were decompressed/displayed correctly. Change-Id: Id3ae746c04d23bcb0345cb71797bfa219479cc8f Signed-off-by: Gabe Black <gabeblack@google.com> Reviewed-on: http://review.coreboot.org/2670 Tested-by: build bot (Jenkins) Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
2013-03-13libpayload: Make the source for lzma decompression constGabe Black
Change-Id: I9a16331dedc97f17af94bf2cf535a9c93d1729a0 Signed-off-by: Gabe Black <gabeblack@google.com> Reviewed-on: http://review.coreboot.org/2667 Tested-by: build bot (Jenkins) Reviewed-by: Marc Jones <marc.jones@se-eng.com> Reviewed-by: Patrick Georgi <patrick@georgi-clan.de>
2011-08-04libpayload: Add liblzma, libcbfsPatrick Georgi
Add cbfs core from coreboot into libpayload, and to support lzma decode, add coreboot's lzma code, too. Carl-Daniel agreed to relicense the lzmadecode wrapper as BSD-l, solving licensing problems. Change-Id: Id28990fe7e951d99447e265a4880d70a8f208dd2 Signed-off-by: Patrick Georgi <patrick.georgi@secunet.com> Reviewed-on: http://review.coreboot.org/115 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-by: Marc Jones <marcj303@gmail.com>