70282aece0
Fix two out-of-bounds reads in lz4 decompression: 1) LZ4_decompress_generic could read one byte past the input buffer when decoding variable length literals due to a missing bounds check. This issue was resolved in libpayload, commonlib and cbfstool 2) ulz4fn could read up to 4 bytes past the input buffer when reading a lz4_block_header due to a missing bounds check. This issue was resolved in libpayload and commonlib. Change-Id: I5afdf7e1d43ecdb06c7b288be46813c1017569fc Signed-off-by: Alex Rebert <alexandre.rebert@gmail.com> Found-by: Mayhem Reviewed-on: https://review.coreboot.org/c/coreboot/+/39174 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> |
||
---|---|---|
.. | ||
LICENSE | ||
Makefile | ||
README.md | ||
liblz4.pc.in | ||
lz4.c | ||
lz4.h | ||
lz4frame.c | ||
lz4frame.h | ||
lz4frame_static.h | ||
lz4hc.c | ||
lz4hc.h | ||
xxhash.c | ||
xxhash.h |
README.md
LZ4 - Library Files
The lib directory contains several files, but you don't necessarily need them all.
To integrate fast LZ4 compression/decompression into your program, you basically just need "lz4.c" and "lz4.h".
For more compression at the cost of compression speed (while preserving decompression speed), use lz4hc on top of regular lz4. lz4hc
only provides compression functions. It also needs lz4
to compile properly.
If you want to produce files or data streams compatible with lz4
command line utility, use lz4frame. This library encapsulates lz4-compressed blocks into the official interoperable frame format. In order to work properly, lz4frame needs lz4 and lz4hc, and also xxhash, which provides error detection algorithm.
(Advanced stuff : It's possible to hide xxhash symbols into a local namespace. This is what liblz4
does, to avoid symbol duplication in case a user program would link to several libraries containing xxhash symbols.)
A more complex "lz4frame_static.h" is also provided, although its usage is not recommended. It contains definitions which are not guaranteed to remain stable within future versions. Use for static linking only.
The other files are not source code. There are :
- LICENSE : contains the BSD license text
- Makefile : script to compile or install lz4 library (static or dynamic)
- liblz4.pc.in : for pkg-config (make install)