coreboot-kgpe-d16/payloads/libpayload
Alex Rebert 70282aece0 lz4: Fix out-of-bounds reads
Fix two out-of-bounds reads in lz4 decompression:

1) LZ4_decompress_generic could read one byte past the input buffer when
decoding variable length literals due to a missing bounds check. This
issue was resolved in libpayload, commonlib and cbfstool

2) ulz4fn could read up to 4 bytes past the input buffer when reading a
lz4_block_header due to a missing bounds check. This issue was resolved
in libpayload and commonlib.

Change-Id: I5afdf7e1d43ecdb06c7b288be46813c1017569fc
Signed-off-by: Alex Rebert <alexandre.rebert@gmail.com>
Found-by: Mayhem
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39174
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-03-02 15:03:03 +00:00
..
arch libpayload: arm64: Keep instruction cache enabled at all times 2020-02-17 15:42:34 +00:00
bin Remove MIPS architecture 2019-11-20 10:10:48 +00:00
configs trogdor: libpayload USB support 2019-12-05 17:57:31 +00:00
crypto payloads: Replace all IS_ENABLED(CONFIG_XXX) with CONFIG(XXX) 2019-03-07 17:15:30 +00:00
curses libpayload: Enable -Wimplicit-fallthrough 2019-07-21 17:17:42 +00:00
drivers treewide: capitalize 'USB' 2020-02-26 17:06:40 +00:00
gdb
include treewide: capitalize 'USB' 2020-02-26 17:06:40 +00:00
libc payloads: Fix typos 2020-02-17 16:01:50 +00:00
libcbfs libpayload: cbfs: fix infinite loop in cbfs_get_{handle,attr} 2020-03-02 15:00:24 +00:00
liblz4 lz4: Fix out-of-bounds reads 2020-03-02 15:03:03 +00:00
liblzma libpayload: Fix out-of-bounds read 2020-02-24 12:53:25 +00:00
libpci libpayload: Make pci and endian handling -Wconversion safe 2020-02-05 21:48:36 +00:00
sample Remove MIPS architecture 2019-11-20 10:10:48 +00:00
tests
Doxyfile
Kconfig libpayload/drivers/i8042: Remove obsolete flag 2019-12-12 22:03:31 +00:00
LICENSES
LICENSE_GPL
Makefile Makefile: Remove romcc 2019-12-27 08:59:59 +00:00
Makefile.inc Remove MIPS architecture 2019-11-20 10:10:48 +00:00
README payloads/libpayload: Update a Makefile for sample libpayload 2019-06-21 09:16:36 +00:00

README

-------------------------------------------------------------------------------
libpayload README
-------------------------------------------------------------------------------

libpayload is a minimal library to support standalone payloads
that can be booted with firmware like coreboot. It handles the setup
code, and provides common C library symbols such as malloc() and printf().

Note: This is _not_ a standard library for use with an operating system,
rather it's only useful for coreboot payload development!
See https://www.coreboot.org for details on coreboot.


Installation
------------

 $ git clone https://review.coreboot.org/coreboot.git

 $ cd coreboot/payloads/libpayload

 $ make menuconfig

 $ make

 $ make install (optional, will install into ./install per default)

On x86 systems, libpayload will always be 32-bit even if your host OS runs
in 64-bit, so you might have to install the 32-bit libgcc version.
On Debian systems you'd do 'apt-get install gcc-multilib' for example.

Run 'make distclean' before switching boards. This command will remove
your current .config file, so you need 'make menuconfig' again or
'make defconfig' in order to set up configuration. Default configuration
is based on 'configs/defconfig'. See the configs/ directory for examples
of configuration.


Usage
-----

Here's an example of a very simple payload (hello.c) and how to build it:

 #include <libpayload.h>

 int main(void)
 {
     printf("Hello, world!\n");
     return 0;
 }

Building the payload using the 'lpgcc' compiler wrapper:

 $ lpgcc -o hello.elf hello.c

Please see the sample/ directory for details.


Website and Mailing List
------------------------

The main website is https://www.coreboot.org/Libpayload.

For additional information, patches, and discussions, please join the
coreboot mailing list at https://www.coreboot.org/Mailinglist, where most
libpayload developers are subscribed.


Copyright and License
---------------------

See LICENSES.