Daisuke Nojiri has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31564 )
Change subject: libpayload: cbfs: Check decompressed size when loading files.
......................................................................
Patch Set 1:
(1 comment)
https://review.coreboot.org/#/c/31564/1/payloads/libpayload/libcbfs/cbfs_cor...
File payloads/libpayload/libcbfs/cbfs_core.c:
https://review.coreboot.org/#/c/31564/1/payloads/libpayload/libcbfs/cbfs_cor...
PS1, Line 259: cbfs_decompress
What is more scary is if the size doesn't match, we can overflow the dest buffer because ...
unsigned long ulzma(const unsigned char *src, unsigned char *dst)
{
	return ulzman(src, (unsigned long)(-1), dst, (unsigned long)(-1));
}
--
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ia756cc5477670dd0d1d8aa59d4160ab4233c6795
Gerrit-Change-Number: 31564
Gerrit-PatchSet: 1
Gerrit-Owner: You-Cheng Syu <youcheng@google.com>
Gerrit-Reviewer: Daisuke Nojiri <dnojiri@chromium.org>
Gerrit-Reviewer: Hung-Te Lin <hungte@chromium.org>
Gerrit-Reviewer: Julius Werner <jwerner@chromium.org>
Gerrit-Reviewer: Nico Huber <nico.h@gmx.de>
Gerrit-Reviewer: You-Cheng Syu <youcheng@google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-Comment-Date: Sat, 23 Feb 2019 00:22:10 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment
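
Added example, not part of the original message and not coreboot code: it shows why a destination limit of (unsigned long)(-1), as in the ulzma() wrapper quoted in the comment, turns off the decoder's bounds check, next to a loader that passes the real capacity and compares the decoded size. The run-length decoder, load_checked(), bytes_past_dest() and the sample stream are hypothetical stand-ins constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#define DEC_ERR ((size_t)-1)

/* Toy run-length decoder (hypothetical stand-in, not coreboot's LZMA code).
 * Input is (count, byte) pairs ended by a zero count. Returns the number of
 * bytes written, or DEC_ERR if the output would not fit in dstn bytes. */
static size_t rle_decode(const unsigned char *src, size_t srcn,
			 unsigned char *dst, size_t dstn)
{
	size_t out = 0;
	for (size_t i = 0; i + 1 < srcn && src[i] != 0; i += 2) {
		if (src[i] > dstn - out)
			return DEC_ERR;	/* refuse before writing past dst */
		memset(dst + out, src[i + 1], src[i]);
		out += src[i];
	}
	return out;
}

/* Checked load: bound the decoder by the real capacity and require the
 * result to equal the size the untrusted header declared. */
static int load_checked(const unsigned char *src, size_t srcn,
			unsigned char *dst, size_t cap, size_t declared)
{
	if (declared > cap)
		return -1;
	return rle_decode(src, srcn, dst, cap) == declared ? 0 : -1;
}

/* Constructed sample: the caller expects 8 bytes, the stream expands to 24. */
static const unsigned char stream[] = { 24, 'A', 0, 0 };

/* Decode into the first 8 bytes of a 64-byte arena (so the overrun stays in
 * memory we own) and count the bytes changed beyond the 8-byte destination. */
static size_t bytes_past_dest(int checked)
{
	unsigned char arena[64] = { 0 };
	size_t n = 0;
	if (checked)
		load_checked(stream, sizeof(stream), arena, 8, 8);
	else	/* same limits as the ulzma() wrapper quoted above */
		rle_decode(stream, (size_t)-1, arena, (size_t)-1);
	for (size_t i = 8; i < sizeof(arena); i++)
		n += arena[i] != 0;
	return n;
}

int main(void)
{
	printf("unbounded: %zu past dest, checked: %zu\n", bytes_past_dest(0), bytes_past_dest(1));
}
```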