Stefan Reinauer submitted this change.

Approvals:
  build bot (Jenkins): Verified
  Angel Pons: Looks good to me, approved

Update xz to upstream revision 090e6a0

Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Change-Id: I700e7f93d713d3c181125dd751ff84d74fd2efe2
Reviewed-on: https://review.coreboot.org/c/em100/+/47898
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
---
M xz/README
M xz/xz.h
M xz/xz_crc32.c
M xz/xz_crc64.c
M xz/xz_dec_bcj.c
M xz/xz_dec_lzma2.c
M xz/xz_lzma2.h
M xz/xz_stream.h
8 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/xz/README b/xz/README
index 6cbf1f0..172e771 100644
--- a/xz/README
+++ b/xz/README
@@ -1 +1 @@
-These files are unmodified versions of xz-embedded 40d291b.
+These files are unmodified versions of xz-embedded 090e6a0.
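Review bot: The new README line identifies upstream only by the abbreviated hash 090e6a0, with no repository URL or full commit id, so the "unmodified" claim is hard to check later. Consider recording the full upstream commit hash and the repository it was taken from, so the files under xz/ can be compared against upstream mechanically.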
diff --git a/xz/xz.h b/xz/xz.h
index 0a4b38d..d24b94a 100644
--- a/xz/xz.h
+++ b/xz/xz.h
@@ -2,7 +2,7 @@
* XZ decompressor
*
* Authors: Lasse Collin <lasse.collin@tukaani.org>
- * Igor Pavlov <http://7-zip.org/>
+ * Igor Pavlov <https://7-zip.org/>
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
@@ -32,7 +32,7 @@
* enum xz_mode - Operation mode
*
* @XZ_SINGLE: Single-call mode. This uses less RAM than
- * than multi-call modes, because the LZMA2
+ * multi-call modes, because the LZMA2
* dictionary doesn't need to be allocated as
* part of the decoder state. All required data
* structures are allocated at initialization,
diff --git a/xz/xz_crc32.c b/xz/xz_crc32.c
index 34532d1..5627b00 100644
--- a/xz/xz_crc32.c
+++ b/xz/xz_crc32.c
@@ -2,7 +2,7 @@
* CRC32 using the polynomial from IEEE-802.3
*
* Authors: Lasse Collin <lasse.collin@tukaani.org>
- * Igor Pavlov <http://7-zip.org/>
+ * Igor Pavlov <https://7-zip.org/>
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
diff --git a/xz/xz_crc64.c b/xz/xz_crc64.c
index ca1caee..215e04d 100644
--- a/xz/xz_crc64.c
+++ b/xz/xz_crc64.c
@@ -4,7 +4,7 @@
* This file is similar to xz_crc32.c. See the comments there.
*
* Authors: Lasse Collin <lasse.collin@tukaani.org>
- * Igor Pavlov <http://7-zip.org/>
+ * Igor Pavlov <https://7-zip.org/>
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
diff --git a/xz/xz_dec_bcj.c b/xz/xz_dec_bcj.c
index a768e6d..72ddac6 100644
--- a/xz/xz_dec_bcj.c
+++ b/xz/xz_dec_bcj.c
@@ -2,7 +2,7 @@
* Branch/Call/Jump (BCJ) filter decoders
*
* Authors: Lasse Collin <lasse.collin@tukaani.org>
- * Igor Pavlov <http://7-zip.org/>
+ * Igor Pavlov <https://7-zip.org/>
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
diff --git a/xz/xz_dec_lzma2.c b/xz/xz_dec_lzma2.c
index 156f26f..2deb544 100644
--- a/xz/xz_dec_lzma2.c
+++ b/xz/xz_dec_lzma2.c
@@ -2,7 +2,7 @@
* LZMA2 decoder
*
* Authors: Lasse Collin <lasse.collin@tukaani.org>
- * Igor Pavlov <http://7-zip.org/>
+ * Igor Pavlov <https://7-zip.org/>
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
@@ -387,7 +387,14 @@

*left -= copy_size;

- memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size);
+ /*
+ * If doing in-place decompression in single-call mode and the
+ * uncompressed size of the file is larger than the caller
+ * thought (i.e. it is invalid input!), the buffers below may
+ * overlap and cause undefined behavior with memcpy().
+ * With valid inputs memcpy() would be fine here.
+ */
+ memmove(dict->buf + dict->pos, b->in + b->in_pos, copy_size);
dict->pos += copy_size;

if (dict->full < dict->pos)
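Review bot: The memcpy() to memmove() switch on the copy into dict->buf changes behaviour for invalid input, yet the commit subject only says "Update xz to upstream revision 090e6a0". Suggest mentioning in the commit message that this update picks up the overlap fix for in-place single-call decompression, so anyone auditing how em100 handles malformed .xz input can find it. memmove() only makes the overlapping copy well defined; the visible lines do not show where the oversized input is rejected, so that path is worth confirming before relying on this.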
@@ -397,7 +404,11 @@
if (dict->pos == dict->end)
dict->pos = 0;

- memcpy(b->out + b->out_pos, b->in + b->in_pos,
+ /*
+ * Like above but for multi-call mode: use memmove()
+ * to avoid undefined behavior with invalid input.
+ */
+ memmove(b->out + b->out_pos, b->in + b->in_pos,
copy_size);
}

@@ -421,6 +432,12 @@
if (dict->pos == dict->end)
dict->pos = 0;

+ /*
+ * These buffers cannot overlap even if doing in-place
+ * decompression because in multi-call mode dict->buf
+ * has been allocated by us in this file; it's not
+ * provided by the caller like in single-call mode.
+ */
memcpy(b->out + b->out_pos, dict->buf + dict->start,
copy_size);
}
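Review bot: The memcpy() kept on the dict->buf to b->out copy is only safe while dict->buf is allocated by the decoder, as the new comment says for multi-call mode, but the hunk does not show the condition that restricts this branch to multi-call mode. Please confirm the enclosing check guarantees that, since in single-call mode the comment itself notes that the buffer is provided by the caller and could overlap.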
diff --git a/xz/xz_lzma2.h b/xz/xz_lzma2.h
index 071d67b..92d852d 100644
--- a/xz/xz_lzma2.h
+++ b/xz/xz_lzma2.h
@@ -2,7 +2,7 @@
* LZMA2 definitions
*
* Authors: Lasse Collin <lasse.collin@tukaani.org>
- * Igor Pavlov <http://7-zip.org/>
+ * Igor Pavlov <https://7-zip.org/>
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
diff --git a/xz/xz_stream.h b/xz/xz_stream.h
index 66cb5a7..430bb3a 100644
--- a/xz/xz_stream.h
+++ b/xz/xz_stream.h
@@ -19,7 +19,7 @@

/*
* See the .xz file format specification at
- * http://tukaani.org/xz/xz-file-format.txt
+ * https://tukaani.org/xz/xz-file-format.txt
* to understand the container format.
*/


Gerrit-Project: em100
Gerrit-Branch: master
Gerrit-Change-Id: I700e7f93d713d3c181125dd751ff84d74fd2efe2
Gerrit-Change-Number: 47898
Gerrit-PatchSet: 2
Gerrit-Owner: Stefan Reinauer <stefan.reinauer@coreboot.org>
Gerrit-Reviewer: Angel Pons <th3fanbus@gmail.com>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer@coreboot.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-MessageType: merged