coreboot-kgpe-d16/payloads/libpayload
Alex Rebert 183ad06f52 libpayload: Fix out-of-bounds read
Fix an out-of-bounds read in the LZMA decoder which happens when the src
buffer is too small to contain the 13-byte LZMA header.

Change-Id: Ie442f82cd1abcf7fa18295e782cccf26a7d30079
Signed-off-by: Alex Rebert <alexandre.rebert@gmail.com>
Found-by: Mayhem
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39033
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2020-02-24 12:53:25 +00:00
..
arch libpayload: arm64: Keep instruction cache enabled at all times 2020-02-17 15:42:34 +00:00
bin Remove MIPS architecture 2019-11-20 10:10:48 +00:00
configs trogdor: libpayload USB support 2019-12-05 17:57:31 +00:00
crypto payloads: Replace all IS_ENABLED(CONFIG_XXX) with CONFIG(XXX) 2019-03-07 17:15:30 +00:00
curses libpayload: Enable -Wimplicit-fallthrough 2019-07-21 17:17:42 +00:00
drivers payloads: Fix typos 2020-02-17 16:01:50 +00:00
gdb libpayload: gdb: Factor out gdb_handle_reentrant_exception() from arm32 2018-10-12 20:17:40 +00:00
include libpayload: arm64: Keep instruction cache enabled at all times 2020-02-17 15:42:34 +00:00
libc payloads: Fix typos 2020-02-17 16:01:50 +00:00
libcbfs printf: Automatically prefix %p with 0x 2019-12-11 11:38:59 +00:00
liblz4 Rename __attribute__((packed)) --> __packed 2017-07-13 19:45:59 +00:00
liblzma libpayload: Fix out-of-bounds read 2020-02-24 12:53:25 +00:00
libpci libpayload: Make pci and endian handling -Wconversion safe 2020-02-05 21:48:36 +00:00
sample Remove MIPS architecture 2019-11-20 10:10:48 +00:00
tests
Doxyfile payloads: Remove/fix trailing whitespace 2018-09-04 12:38:40 +00:00
Kconfig libpayload/drivers/i8042: Remove obsolete flag 2019-12-12 22:03:31 +00:00
LICENSE_GPL
LICENSES
Makefile Makefile: Remove romcc 2019-12-27 08:59:59 +00:00
Makefile.inc Remove MIPS architecture 2019-11-20 10:10:48 +00:00
README payloads/libpayload: Update a Makefile for sample libpayload 2019-06-21 09:16:36 +00:00

-------------------------------------------------------------------------------
libpayload README
-------------------------------------------------------------------------------

libpayload is a minimal library to support standalone payloads
that can be booted with firmware like coreboot. It handles the setup
code, and provides common C library symbols such as malloc() and printf().

Note: This is _not_ a standard library for use with an operating system,
rather it's only useful for coreboot payload development!
See https://www.coreboot.org for details on coreboot.


Installation
------------

 $ git clone https://review.coreboot.org/coreboot.git

 $ cd coreboot/payloads/libpayload

 $ make menuconfig

 $ make

 $ make install (optional, will install into ./install per default)

On x86 systems, libpayload will always be 32-bit even if your host OS runs
in 64-bit, so you might have to install the 32-bit libgcc version.
On Debian systems you'd do 'apt-get install gcc-multilib' for example.

Run 'make distclean' before switching boards. This command will remove
your current .config file, so you need 'make menuconfig' again or
'make defconfig' in order to set up configuration. Default configuration
is based on 'configs/defconfig'. See the configs/ directory for examples
of configuration.


Usage
-----

Here's an example of a very simple payload (hello.c) and how to build it:

 #include <libpayload.h>

 int main(void)
 {
     printf("Hello, world!\n");
     return 0;
 }

Building the payload using the 'lpgcc' compiler wrapper:

 $ lpgcc -o hello.elf hello.c

Please see the sample/ directory for details.


Website and Mailing List
------------------------

The main website is https://www.coreboot.org/Libpayload.

For additional information, patches, and discussions, please join the
coreboot mailing list at https://www.coreboot.org/Mailinglist, where most
libpayload developers are subscribed.


Copyright and License
---------------------

See LICENSES.