[PATCH 1/3] lzo: properly check for overruns

Sascha Hauer s.hauer at pengutronix.de
Tue Jul 1 23:20:42 PDT 2014


On Tue, Jul 01, 2014 at 11:22:04PM +0200, Holger Schurig wrote:
> Note: this is the same as 206a81c18401c0cde6e579164f752c4b147324ce in
> linux-git.
> 
> The lzo decompressor can, if given some really crazy data, possibly
> overrun some variable types.  Modify the checking logic to properly
> detect overruns before they happen.
> 
> Reported-by: "Don A. Bailey" <donb at securitymouse.com>
> Tested-by: "Don A. Bailey" <donb at securitymouse.com>
> Signed-off-by: Holger Schurig <holgerschurig at gmail.de>
> ---
>  lib/lzo/lzo1x_decompress_safe.c | 64 +++++++++++++++++++++++++++--------------
>  1 file changed, 42 insertions(+), 22 deletions(-)
> 
> diff --git a/lib/lzo/lzo1x_decompress_safe.c b/lib/lzo/lzo1x_decompress_safe.c

Applied all three lzx patches, thanks

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



More information about the barebox mailing list