70282aece0
Fix two out-of-bounds reads in lz4 decompression: 1) LZ4_decompress_generic could read one byte past the input buffer when decoding variable length literals due to a missing bounds check. This issue was resolved in libpayload, commonlib and cbfstool 2) ulz4fn could read up to 4 bytes past the input buffer when reading a lz4_block_header due to a missing bounds check. This issue was resolved in libpayload and commonlib. Change-Id: I5afdf7e1d43ecdb06c7b288be46813c1017569fc Signed-off-by: Alex Rebert <alexandre.rebert@gmail.com> Found-by: Mayhem Reviewed-on: https://review.coreboot.org/c/coreboot/+/39174 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> |
||
|---|---|---|
| .. | ||
| console | ||
| flashmap | ||
| lz4 | ||
| lzma | ||
| EXAMPLE | ||
| Makefile | ||
| Makefile.inc | ||
| ProcessorBind.h | ||
| amdcompress.c | ||
| cbfs-mkpayload.c | ||
| cbfs-mkstage.c | ||
| cbfs-payload-linux.c | ||
| cbfs.h | ||
| cbfs_image.c | ||
| cbfs_image.h | ||
| cbfs_sections.c | ||
| cbfs_sections.h | ||
| cbfscomptool.c | ||
| cbfstool.c | ||
| coff.h | ||
| common.c | ||
| common.h | ||
| compress.c | ||
| default-x86.fmd | ||
| default.fmd | ||
| description.md | ||
| elf.h | ||
| elfheaders.c | ||
| elfparsing.h | ||
| fdt.h | ||
| fit.c | ||
| fit.h | ||
| flashmap_tests.c | ||
| fmap_from_fmd.c | ||
| fmap_from_fmd.h | ||
| fmaptool.c | ||
| fmd.c | ||
| fmd.h | ||
| fmd_parser.c_shipped | ||
| fmd_parser.h_shipped | ||
| fmd_parser.y | ||
| fmd_scanner.c_shipped | ||
| fmd_scanner.h_shipped | ||
| fmd_scanner.l | ||
| fv.h | ||
| ifittool.c | ||
| ifwitool.c | ||
| linux.h | ||
| linux_trampoline.S | ||
| linux_trampoline.c | ||
| linux_trampoline.h | ||
| option.h | ||
| partitioned_file.c | ||
| partitioned_file.h | ||
| rmodtool.c | ||
| rmodule.c | ||
| rmodule.h | ||
| swab.h | ||
| xdr.c | ||