Alexandre Rebert has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/39174 )
Change subject: lz4: Fix out-of-bounds reads
Patch Set 2:
Can you please upstream the lz4.c.inc stuff to https://github.com/lz4/lz4 if you haven't already. I'd prefer not to diverge from there.
Upstream actually has a patch for this issue already. They refactored that loop (and others) in a read_variable_length function at https://github.com/lz4/lz4/blob/dev/lib/lz4.c#L1630, which has a pre-loop check like the one I added.
In terms of divergence, it seems like upstream changed quite a bit since it was pulled into coreboot. I considered pulling from upstream, but given that coreboot also made modifications to lz4.c.inc and that I'm fairly new to coreboot, I was a bit hesitant to generate a large patch. I can give it a shot if you'd like though.
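The kind of pre-loop check discussed above, as an added example that is not part of the original comment and is neither coreboot's nor upstream lz4's code. It assumes the LZ4 block format rule that a length nibble of 15 is extended by following bytes, summed until one is not 255; `read_length_checked` and `literal_length` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample inputs: a token byte followed by length-extension bytes. */
static const uint8_t ok_input[]        = { 0xF0, 0xFF, 0x0A }; /* 15 + 255 + 10 */
static const uint8_t truncated_input[] = { 0xF0, 0xFF, 0xFF }; /* never terminates */

/* Hypothetical helper: adds LZ4 length-extension bytes to *length.
 * Bytes are summed until one is not 255. Returns 0 on success, -1 if the
 * input ends before the terminating byte or the sum would overflow. */
static int read_length_checked(const uint8_t **ip, const uint8_t *end, size_t *length)
{
	const uint8_t *p = *ip;
	size_t len = *length;
	uint8_t b;

	if (p >= end)			/* pre-loop check: nothing left to read */
		return -1;
	do {
		b = *p++;
		if (len > SIZE_MAX - b)	/* refuse to wrap the accumulated length */
			return -1;
		len += b;
	} while (b == 255 && p < end);	/* bounds check before each further read */
	if (b == 255)			/* input ended while still extending */
		return -1;
	*ip = p;
	*length = len;
	return 0;
}

/* Decodes the literal length of the sequence starting at buf, or -1 on bad input. */
long literal_length(const uint8_t *buf, size_t n)
{
	const uint8_t *ip = buf, *end = buf + n;
	size_t len;

	if (n == 0)
		return -1;
	len = *ip++ >> 4;		/* high nibble of the token */
	if (len == 15 && read_length_checked(&ip, end, &len) != 0)
		return -1;
	return (long)len;
}

int main(void)
{
	return literal_length(ok_input, sizeof(ok_input)) == 280 ? 0 : 1;
}
```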