coreboot-kgpe-d16/payloads
Alex Rebert 70282aece0 lz4: Fix out-of-bounds reads
Fix two out-of-bounds reads in lz4 decompression:

1) LZ4_decompress_generic could read one byte past the input buffer when
decoding variable length literals due to a missing bounds check. This
issue was resolved in libpayload, commonlib and cbfstool

2) ulz4fn could read up to 4 bytes past the input buffer when reading a
lz4_block_header due to a missing bounds check. This issue was resolved
in libpayload and commonlib.

Change-Id: I5afdf7e1d43ecdb06c7b288be46813c1017569fc
Signed-off-by: Alex Rebert <alexandre.rebert@gmail.com>
Found-by: Mayhem
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39174
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-03-02 15:03:03 +00:00
..
coreinfo payloads: Fix typos 2020-02-17 16:01:50 +00:00
external payloads/tianocore: Enable PS2 keyboard module 2020-02-29 16:51:54 +00:00
libpayload lz4: Fix out-of-bounds reads 2020-03-02 15:03:03 +00:00
linuxcheck Makefile.inc, payloads: Enable -Wvla 2019-08-20 20:57:01 +00:00
nvramcui Makefile.inc, payloads: Enable -Wvla 2019-08-20 20:57:01 +00:00
Kconfig cbfs: allow uncompressed payloads 2020-02-22 22:38:27 +00:00
Makefile.inc