Ronald G. Minnich ([email protected]) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/2246
-gerrit commit 1ead10d4f4718bede6279db834eb3d34960749e2 Author: Hung-Te Lin <[email protected]> Date: Thu Jan 31 12:14:46 2013 +0800 lib: Prevent unaligned memory access in LZMA decode library. LZMA decode library used to retrieve output size by: outSize = *(UInt32 *)(src + LZMA_PROPERTIES_SIZE); 'src' is aligned but LZMA_PROPERTIES_SIZE may refer to an unaligned address like src+5, and using that as integer pointer may fail on platforms like ARM. To fix this, use memcpy to copy into aligned variable outSize. Change-Id: If678e735cb270c3e5e29f36f1fad318096bf7d59 Signed-off-by: Hung-Te Lin <[email protected]> --- src/lib/lzma.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/lzma.c b/src/lib/lzma.c index f0b88c1..a2d91d1 100644 --- a/src/lib/lzma.c +++ b/src/lib/lzma.c @@ -31,7 +31,8 @@ unsigned long ulzma(unsigned char * src, unsigned char * dst) unsigned char scratchpad[15980]; memcpy(properties, src, LZMA_PROPERTIES_SIZE); - outSize = *(UInt32 *)(src + LZMA_PROPERTIES_SIZE); + /* Do memcpy to prevent unaligned memory access. */ + memcpy(&outSize, src + LZMA_PROPERTIES_SIZE, sizeof(outSize)); if (LzmaDecodeProperties(&state.Properties, properties, LZMA_PROPERTIES_SIZE) != LZMA_RESULT_OK) { printk(BIOS_WARNING, "lzma: Incorrect stream properties.\n"); return 0; -- coreboot mailing list: [email protected] http://www.coreboot.org/mailman/listinfo/coreboot
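
Review bot: the added memcpy(&outSize, src + LZMA_PROPERTIES_SIZE, sizeof(outSize)) takes its length from the destination variable, whose declaration is outside this hunk, while the removed line read exactly one UInt32. Please confirm outSize is declared as UInt32, or copy sizeof(UInt32) explicitly, so that a wider type can never pull extra header bytes into the size. The copy also keeps the removed line's host-byte-order reading of the field, which the LZMA header stores little-endian; that is fine on little-endian targets, but the new comment could say so, or the value could be assembled byte by byte. Because outSize is read from the compressed stream and ulzma(src, dst) takes no destination length, the comment would also be a good place to note that the value is not range-checked at this point.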

