Hung-Te Lin ([email protected]) just uploaded a new patch set to gerrit, 
which you can find at http://review.coreboot.org/2246

-gerrit

commit 120bd66b5ffbc7ca52a7255191d1c3025c6a2803
Author: Hung-Te Lin <[email protected]>
Date:   Thu Jan 31 12:14:46 2013 +0800

    lib: Prevent unaligned memory access and fix endianness in LZMA decode library.
    
    LZMA decode library used to retrieve output size by:
      outSize = *(UInt32 *)(src + LZMA_PROPERTIES_SIZE);
    
    'src' is aligned but LZMA_PROPERTIES_SIZE may refer to an unaligned address like
    src+5, and using that as an integer pointer may fail on platforms like ARM. Also
    this will fail on systems using big-endian (outSize was encoded in
    little-endian).
    
    To fix this, reconstruct outSize in little-endian way.
    
    Change-Id: If678e735cb270c3e5e29f36f1fad318096bf7d59
    Signed-off-by: Hung-Te Lin <[email protected]>
---
 src/lib/lzma.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/lib/lzma.c b/src/lib/lzma.c
index f0b88c1..7a62b84 100644
--- a/src/lib/lzma.c
+++ b/src/lib/lzma.c
@@ -29,9 +29,15 @@ unsigned long ulzma(unsigned char * src, unsigned char * dst)
 #endif
        /* in pre-ram, it must go on the stack */
        unsigned char scratchpad[15980];
+       unsigned char *cp;
 
        memcpy(properties, src, LZMA_PROPERTIES_SIZE);
-       outSize = *(UInt32 *)(src + LZMA_PROPERTIES_SIZE);
+       /* The outSize in LZMA stream is a 64bit integer stored in little-endian
+        * (ref: lzma.cc@LZMACompress: put_64). To prevent accessing by
+        * unaligned memory access and to load endianess correctly, read each
+        * byte and re-costruct. */
+       cp = src + LZMA_PROPERTIES_SIZE;
+       outSize = cp[3] << 24 | cp[2] << 16 | cp[1] << 8 | cp[0];
        if (LzmaDecodeProperties(&state.Properties, properties, 
LZMA_PROPERTIES_SIZE) != LZMA_RESULT_OK) {
                printk(BIOS_WARNING, "lzma: Incorrect stream properties.\n");
                return 0;
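Review bot: The byte reassembly `outSize = cp[3] << 24 | cp[2] << 16 | cp[1] << 8 | cp[0];` shifts an `int`-promoted `unsigned char`, so `cp[3] << 24` with bit 7 set shifts into the sign bit of a signed `int`, which is undefined behaviour in C; cast each byte first, e.g. `(UInt32)cp[3] << 24 | (UInt32)cp[2] << 16 | ...`. The new comment also says the size field is a 64-bit little-endian integer, yet only the low four bytes are read; that matches the previous `*(UInt32 *)` behaviour, but the comment should state that the upper four bytes are deliberately ignored, and "re-costruct" should read "reconstruct". The unaligned-access and endianness fixes themselves are correct as written.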

-- 
coreboot mailing list: [email protected]
http://www.coreboot.org/mailman/listinfo/coreboot
