diff options
| author | Krzysztof Kolasa <kkolasa@winsoft.pl> | 2015-05-03 23:58:59 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2015-05-24 14:56:29 -0400 |
| commit | 99b7e93c95c78952724a9783de6c78def8fbfc3f (patch) | |
| tree | fdd2c8f93ef829138eab5f76391851cd49cbe9cb | |
| parent | 61a590fa67ac3c897e7c21fd75a5c85a4671b384 (diff) | |
lz4: fix system halt at boot kernel on x86_64
Sometimes, on x86_64, decompression fails with the following
error:
Decompressing Linux...
Decoding failed
-- System halted
This condition is not needed for a 64bit kernel(from commit d5e7caf):
if( ... ||
(op + COPYLENGTH) > oend)
goto _output_error
macro LZ4_SECURE_COPY() tests op and does not copy any data
when op exceeds the value.
added by analogy to lz4_uncompress_unknownoutputsize(...)
Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Tested-by: Alexander Kuleshov <kuleshovmail@gmail.com>
Tested-by: Caleb Jorden <cjorden@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | lib/lz4/lz4_decompress.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c index 26cc6029b280..6d940c72b5fc 100644 --- a/lib/lz4/lz4_decompress.c +++ b/lib/lz4/lz4_decompress.c | |||
| @@ -140,8 +140,12 @@ static int lz4_uncompress(const char *source, char *dest, int osize) | |||
| 140 | /* Error: request to write beyond destination buffer */ | 140 | /* Error: request to write beyond destination buffer */ |
| 141 | if (cpy > oend) | 141 | if (cpy > oend) |
| 142 | goto _output_error; | 142 | goto _output_error; |
| 143 | #if LZ4_ARCH64 | ||
| 144 | if ((ref + COPYLENGTH) > oend) | ||
| 145 | #else | ||
| 143 | if ((ref + COPYLENGTH) > oend || | 146 | if ((ref + COPYLENGTH) > oend || |
| 144 | (op + COPYLENGTH) > oend) | 147 | (op + COPYLENGTH) > oend) |
| 148 | #endif | ||
| 145 | goto _output_error; | 149 | goto _output_error; |
| 146 | LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); | 150 | LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); |
| 147 | while (op < cpy) | 151 | while (op < cpy) |
| @@ -266,7 +270,13 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, | |||
| 266 | if (cpy > oend - COPYLENGTH) { | 270 | if (cpy > oend - COPYLENGTH) { |
| 267 | if (cpy > oend) | 271 | if (cpy > oend) |
| 268 | goto _output_error; /* write outside of buf */ | 272 | goto _output_error; /* write outside of buf */ |
| 269 | 273 | #if LZ4_ARCH64 | |
| 274 | if ((ref + COPYLENGTH) > oend) | ||
| 275 | #else | ||
| 276 | if ((ref + COPYLENGTH) > oend || | ||
| 277 | (op + COPYLENGTH) > oend) | ||
| 278 | #endif | ||
| 279 | goto _output_error; | ||
| 270 | LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); | 280 | LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); |
| 271 | while (op < cpy) | 281 | while (op < cpy) |
| 272 | *op++ = *ref++; | 282 | *op++ = *ref++; |