Stefan Reinauer has uploaded this change for review. ( https://review.coreboot.org/c/em100/+/47898 )
Change subject: Update xz to upstream revision 090e6a0 ......................................................................
Update xz to upstream revision 090e6a0
Signed-off-by: Stefan Reinauer stefan.reinauer@coreboot.org Change-Id: I700e7f93d713d3c181125dd751ff84d74fd2efe2 --- M xz/README M xz/xz.h M xz/xz_crc32.c M xz/xz_crc64.c M xz/xz_dec_bcj.c M xz/xz_dec_lzma2.c M xz/xz_lzma2.h M xz/xz_stream.h 8 files changed, 28 insertions(+), 11 deletions(-)
git pull ssh://review.coreboot.org:29418/em100 refs/changes/98/47898/1
diff --git a/xz/README b/xz/README
index 6cbf1f0..172e771 100644
--- a/xz/README
+++ b/xz/README
@@ -1 +1 @@
-These files are unmodified versions of xz-embedded 40d291b.
+These files are unmodified versions of xz-embedded 090e6a0.
diff --git a/xz/xz.h b/xz/xz.h
index 0a4b38d..d24b94a 100644
--- a/xz/xz.h
+++ b/xz/xz.h
@@ -2,7 +2,7 @@
* XZ decompressor
*
* Authors: Lasse Collin lasse.collin@tukaani.org
- * Igor Pavlov http://7-zip.org/
+ * Igor Pavlov https://7-zip.org/
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
@@ -32,7 +32,7 @@
* enum xz_mode - Operation mode
*
* @XZ_SINGLE: Single-call mode. This uses less RAM than
- * than multi-call modes, because the LZMA2
+ * multi-call modes, because the LZMA2
* dictionary doesn't need to be allocated as
* part of the decoder state. All required data
* structures are allocated at initialization,
diff --git a/xz/xz_crc32.c b/xz/xz_crc32.c
index 34532d1..5627b00 100644
--- a/xz/xz_crc32.c
+++ b/xz/xz_crc32.c
@@ -2,7 +2,7 @@
* CRC32 using the polynomial from IEEE-802.3
*
* Authors: Lasse Collin lasse.collin@tukaani.org
- * Igor Pavlov http://7-zip.org/
+ * Igor Pavlov https://7-zip.org/
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
diff --git a/xz/xz_crc64.c b/xz/xz_crc64.c
index ca1caee..215e04d 100644
--- a/xz/xz_crc64.c
+++ b/xz/xz_crc64.c
@@ -4,7 +4,7 @@
* This file is similar to xz_crc32.c. See the comments there.
*
* Authors: Lasse Collin lasse.collin@tukaani.org
- * Igor Pavlov http://7-zip.org/
+ * Igor Pavlov https://7-zip.org/
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
diff --git a/xz/xz_dec_bcj.c b/xz/xz_dec_bcj.c
index a768e6d..72ddac6 100644
--- a/xz/xz_dec_bcj.c
+++ b/xz/xz_dec_bcj.c
@@ -2,7 +2,7 @@
* Branch/Call/Jump (BCJ) filter decoders
*
* Authors: Lasse Collin lasse.collin@tukaani.org
- * Igor Pavlov http://7-zip.org/
+ * Igor Pavlov https://7-zip.org/
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
diff --git a/xz/xz_dec_lzma2.c b/xz/xz_dec_lzma2.c
index 156f26f..2deb544 100644
--- a/xz/xz_dec_lzma2.c
+++ b/xz/xz_dec_lzma2.c
@@ -2,7 +2,7 @@
* LZMA2 decoder
*
* Authors: Lasse Collin lasse.collin@tukaani.org
- * Igor Pavlov http://7-zip.org/
+ * Igor Pavlov https://7-zip.org/
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
@@ -387,7 +387,14 @@
*left -= copy_size;
- memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size);
+ /*
+ * If doing in-place decompression in single-call mode and the
+ * uncompressed size of the file is larger than the caller
+ * thought (i.e. it is invalid input!), the buffers below may
+ * overlap and cause undefined behavior with memcpy().
+ * With valid inputs memcpy() would be fine here.
+ */
+ memmove(dict->buf + dict->pos, b->in + b->in_pos, copy_size);
dict->pos += copy_size;
if (dict->full < dict->pos)
@@ -397,7 +404,11 @@
if (dict->pos == dict->end)
dict->pos = 0;
- memcpy(b->out + b->out_pos, b->in + b->in_pos,
+ /*
+ * Like above but for multi-call mode: use memmove()
+ * to avoid undefined behavior with invalid input.
+ */
+ memmove(b->out + b->out_pos, b->in + b->in_pos,
copy_size);
}
@@ -421,6 +432,12 @@
if (dict->pos == dict->end)
dict->pos = 0;
+ /*
+ * These buffers cannot overlap even if doing in-place
+ * decompression because in multi-call mode dict->buf
+ * has been allocated by us in this file; it's not
+ * provided by the caller like in single-call mode.
+ */
memcpy(b->out + b->out_pos, dict->buf + dict->start,
copy_size);
}
diff --git a/xz/xz_lzma2.h b/xz/xz_lzma2.h
index 071d67b..92d852d 100644
--- a/xz/xz_lzma2.h
+++ b/xz/xz_lzma2.h
@@ -2,7 +2,7 @@
* LZMA2 definitions
*
* Authors: Lasse Collin lasse.collin@tukaani.org
- * Igor Pavlov http://7-zip.org/
+ * Igor Pavlov https://7-zip.org/
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
diff --git a/xz/xz_stream.h b/xz/xz_stream.h
index 66cb5a7..430bb3a 100644
--- a/xz/xz_stream.h
+++ b/xz/xz_stream.h
@@ -19,7 +19,7 @@
/*
* See the .xz file format specification at
- * http://tukaani.org/xz/xz-file-format.txt
+ * https://tukaani.org/xz/xz-file-format.txt
* to understand the container format.
*/