[coreboot] Patch set updated for coreboot: 3a950ab lib: Prevent unaligned memory access and fix endianness in LZMA decode library.
Hung-Te Lin (hungte@chromium.org)
gerrit at coreboot.org
Fri Feb 1 05:44:46 CET 2013
Hung-Te Lin (hungte at chromium.org) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/2246
-gerrit
commit 3a950ab119a28d545ff4fd45805f9e67ebe8e3a8
Author: Hung-Te Lin <hungte at chromium.org>
Date: Thu Jan 31 12:14:46 2013 +0800
lib: Prevent unaligned memory access and fix endianness in LZMA decode library.
LZMA decode library used to retrieve output size by:
outSize = *(UInt32 *)(src + LZMA_PROPERTIES_SIZE);
'src' is aligned but LZMA_PROPERTIES_SIZE may refer to an unaligned address like
src+5, and using that as an integer pointer may fail on platforms like ARM. Also
this will fail on systems using big-endian (outSize was encoded in
little-endian).
To fix this, reconstruct outSize in a little-endian way.
Change-Id: If678e735cb270c3e5e29f36f1fad318096bf7d59
Signed-off-by: Hung-Te Lin <hungte at chromium.org>
---
src/lib/lzma.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
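The portable header read that the commit message describes, as an added C example that is not coreboot's code: it parses the whole 13-byte LZMA-alone header byte by byte (properties byte, dictionary size and the full 64-bit output size), so it works at any alignment and on either host endianness. `lzma_parse_header`, `le32`, `le64`, `lzma_size_known`, `sample_buf` and the struct are assumed names, and the sample header is constructed.

```c
#include <stdint.h>
#define LZMA_PROPERTIES_SIZE 5
#define LZMA_HEADER_SIZE (LZMA_PROPERTIES_SIZE + 8)

/* Decoded view of the 13-byte LZMA-alone header. */
struct lzma_header {
    uint8_t lc, lp, pb;   /* literal context bits, literal pos bits, pos bits */
    uint32_t dict_size;   /* little-endian 32-bit at offset 1 */
    uint64_t out_size;    /* little-endian 64-bit at offset 5 */
};

/* Byte-wise little-endian loads: no alignment assumption and no dependence on
 * host endianness. Each byte is widened to uint32_t before shifting, so
 * cp[3] << 24 cannot overflow a signed int when cp[3] >= 0x80. */
static uint32_t le32(const uint8_t *cp)
{
    return (uint32_t)cp[0] | (uint32_t)cp[1] << 8 |
           (uint32_t)cp[2] << 16 | (uint32_t)cp[3] << 24;
}
static uint64_t le64(const uint8_t *cp)
{
    return (uint64_t)le32(cp) | (uint64_t)le32(cp + 4) << 32;
}

/* Parse the header at src (any alignment). Returns 0 on success, -1 when the
 * properties byte is out of range (it must be below 9 * 5 * 5 = 225). */
int lzma_parse_header(const uint8_t *src, struct lzma_header *h)
{
    uint8_t props = src[0];
    if (props >= 9 * 5 * 5)
        return -1;
    h->lc = props % 9;
    props /= 9;
    h->lp = props % 5;
    h->pb = props / 5;
    h->dict_size = le32(src + 1);
    h->out_size = le64(src + LZMA_PROPERTIES_SIZE);
    return 0;
}

/* All-0xFF size bytes mean the stream does not declare its output size. */
int lzma_size_known(const struct lzma_header *h)
{
    return h->out_size != UINT64_MAX;
}

/* Constructed sample: one pad byte so the header starts at an odd address,
 * then props 0x5d (lc=3, lp=0, pb=2), 8 MiB dictionary, out size 0x12345678. */
const uint8_t sample_buf[1 + LZMA_HEADER_SIZE] = { 0xaa, 0x5d, 0x00, 0x00,
    0x80, 0x00, 0x78, 0x56, 0x34, 0x12, 0x00, 0x00, 0x00, 0x00 };
```

A decoder that only keeps a 32-bit size should still read all eight bytes and reject a non-zero upper word rather than silently truncating.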
diff --git a/src/lib/lzma.c b/src/lib/lzma.c
index f0b88c1..cd60b3f 100644
--- a/src/lib/lzma.c
+++ b/src/lib/lzma.c
@@ -29,9 +29,15 @@ unsigned long ulzma(unsigned char * src, unsigned char * dst)
#endif
/* in pre-ram, it must go on the stack */
unsigned char scratchpad[15980];
+ unsigned char *cp;
memcpy(properties, src, LZMA_PROPERTIES_SIZE);
- outSize = *(UInt32 *)(src + LZMA_PROPERTIES_SIZE);
+ /* The outSize in LZMA stream is a 64bit integer stored in little-endian
+ * (ref: lzma.cc at LZMACompress: put_64). To prevent accessing by
+ * unaligned memory address and to load in correct endianess, read each
+ * byte and re-costruct. */
+ cp = src + LZMA_PROPERTIES_SIZE;
+ outSize = cp[3] << 24 | cp[2] << 16 | cp[1] << 8 | cp[0];
if (LzmaDecodeProperties(&state.Properties, properties, LZMA_PROPERTIES_SIZE) != LZMA_RESULT_OK) {
printk(BIOS_WARNING, "lzma: Incorrect stream properties.\n");
return 0;
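Review bot: the new comment says outSize is a 64-bit little-endian integer, but the `outSize = cp[3] << 24 | cp[2] << 16 | cp[1] << 8 | cp[0];` line reconstructs only bytes 0..3 and silently drops cp[4..7]; either read all eight bytes and warn or bail when the upper word is non-zero, or state in the comment that the upper 32 bits are assumed to be zero. Two smaller points on the same lines: `cp[3] << 24` shifts an int-promoted unsigned char, which overflows signed int whenever cp[3] >= 0x80, so cast each byte first (e.g. `(UInt32)cp[3] << 24`), and "re-costruct" in the comment should read "reconstruct".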