Hi Kees, On Mon, Aug 12, 2013 at 5:01 PM, Kees Cook <keesc...@chromium.org> wrote: > [sending, now subscribed so mailman won't yell at me] > > This series fixes gzip, lzma, and lzo to not overflow when writing > to output buffers. Without this, it might be possible for untrusted > compressed input to overflow the buffers used to hold the decompressed > image. > > To catch these conditions, I added a series of compression tests available > in the sandbox build. Without the fixes in patches 3, 4, and 5, the > overflows are visible. >
It is on patchwork so I think all is well. BTW I see these warnings that we should fix sometime (not in your code) $ crosfw -b sandbox Configuring for sandbox board... cmd_bootm.c: In function ‘bootm_load_os’: cmd_bootm.c:443:11: warning: passing argument 4 of ‘lzop_decompress’ from incompatible pointer type [enabled by default] /home/sjg/c/src/third_party/u-boot/files/include/linux/lzo.h:31:5: note: expected ‘size_t *’ but argument is of type ‘uint *’ cmd_ximg.c: In function ‘do_imgextract’: cmd_ximg.c:225:6: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] cmd_ximg.c:225:14: warning: ‘hdr’ may be used uninitialized in this function [-Wuninitialized] Also do you have a diffstat for your cover letter? If you use patman for the cover letter too it should happy automatically. Regards, Simon _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot