[PATCH 1/3] lzo: properly check for overruns
Sascha Hauer
s.hauer at pengutronix.de
Tue Jul 1 23:20:42 PDT 2014
On Tue, Jul 01, 2014 at 11:22:04PM +0200, Holger Schurig wrote:
> Note: this is the same as 206a81c18401c0cde6e579164f752c4b147324ce in
> linux-git.
>
> The lzo decompressor can, if given some really crazy data, possibly
> overrun some variable types. Modify the checking logic to properly
> detect overruns before they happen.
>
> Reported-by: "Don A. Bailey" <donb at securitymouse.com>
> Tested-by: "Don A. Bailey" <donb at securitymouse.com>
> Signed-off-by: Holger Schurig <holgerschurig at gmail.de>
> ---
> lib/lzo/lzo1x_decompress_safe.c | 64 +++++++++++++++++++++++++++--------------
> 1 file changed, 42 insertions(+), 22 deletions(-)
>
> diff --git a/lib/lzo/lzo1x_decompress_safe.c b/lib/lzo/lzo1x_decompress_safe.c
Applied all three lzx patches, thanks
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list