Hello Julius Werner, Daisuke Nojiri, Hung-Te Lin, build bot (Jenkins), Patrick Georgi,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/31606
to look at the new patch set (#3).
Change subject: libpayload: cbfs: Require input size and output size for cbfs_decompress ......................................................................
libpayload: cbfs: Require input size and output size for cbfs_decompress
Currently, cbfs_decompress() calls ulzma() and ulz4f() for LZMA/LZ4 decompression. These two functions don't accept input/output size as parameters. We can make cbfs_decompress more robust by calling ulzman() and ulz4fn() instead. This could prevent us from overflowing destination buffer.
BUG=none BRANCH=none TEST=boot into kernel on Kukui with COMPRESSED_PAYLOAD_LZMA / COMPRESSED_PAYLOAD_LZ4.
Change-Id: Ibe617825bd000ed618791d8e3c5f65bbbd5f7e33 Signed-off-by: You-Cheng Syu youcheng@google.com --- M payloads/libpayload/include/cbfs_core.h M payloads/libpayload/libcbfs/cbfs.c M payloads/libpayload/libcbfs/cbfs_core.c 3 files changed, 17 insertions(+), 10 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/31606/3