Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757322AbbDPMK6 (ORCPT ); Thu, 16 Apr 2015 08:10:58 -0400 Received: from vps01.winsoft.pl ([5.133.9.51]:34581 "EHLO vps01.winsoft.pl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757149AbbDPMKu (ORCPT ); Thu, 16 Apr 2015 08:10:50 -0400 From: Krzysztof Kolasa To: gregkh@linuxfoundation.org, tom.yeon@windriver.com, dsterba@suse.cz, linux@rasmusvillemoes.dk Cc: linux-kernel@vger.kernel.org, Krzysztof Kolasa Subject: [RESEND PATCH v3] lz4: fix system halted at boot kernel x86_64 compressed lz4 Date: Thu, 16 Apr 2015 14:10:34 +0200 Message-Id: <1429186234-10707-1-git-send-email-kkolasa@winsoft.pl> X-Mailer: git-send-email 2.4.0.rc2.dirty Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1929 Lines: 62 Decompression process ends with an error when loading 64bit lz4 kernel: Decoding failed -- System halted This condition is not needed for 64bit kernel from the last commit d5e7cafd69da ("LZ4 : fix the data abort issue") if( ... || (op + COPYLENGTH) > oend) goto _output_error macro LZ4_SECURE_COPY() tests op and does not copy any data when op exceeds the value, decompression process is continued. added by analogy to lz4_uncompress_unknownoutputsize(...) Signed-off-by: Krzysztof Kolasa --- lib/lz4/lz4_decompress.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c index 26cc602..6d940c7 100644 --- a/lib/lz4/lz4_decompress.c +++ b/lib/lz4/lz4_decompress.c @@ -140,8 +140,12 @@ static int lz4_uncompress(const char *source, char *dest, int osize) /* Error: request to write beyond destination buffer */ if (cpy > oend) goto _output_error; +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else if ((ref + COPYLENGTH) > oend || (op + COPYLENGTH) > oend) +#endif goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) @@ -266,7 +270,13 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, if (cpy > oend - COPYLENGTH) { if (cpy > oend) goto _output_error; /* write outside of buf */ - +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else + if ((ref + COPYLENGTH) > oend || + (op + COPYLENGTH) > oend) +#endif + goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) *op++ = *ref++; -- 2.4.0.rc2.dirty -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/