Re: [U-Boot] [PATCH 0/6] handle compression buffer overflows

2013-08-14 Thread Simon Glass
Hi Kees,

On Mon, Aug 12, 2013 at 5:01 PM, Kees Cook keesc...@chromium.org wrote:
> [sending, now subscribed so mailman won't yell at me]
>
> This series fixes gzip, lzma, and lzo to not overflow when writing
> to output buffers. Without this, it might be possible for untrusted
> compressed input to overflow the buffers used to hold the decompressed
> image.
>
> To catch these conditions, I added a series of compression tests available
> in the sandbox build. Without the fixes in patches 3, 4, and 5, the
> overflows are visible.


It is on patchwork so I think all is well. BTW I see these warnings
that we should fix sometime (not in your code)

$ crosfw -b sandbox
Configuring for sandbox board...
cmd_bootm.c: In function ‘bootm_load_os’:
cmd_bootm.c:443:11: warning: passing argument 4 of ‘lzop_decompress’
from incompatible pointer type [enabled by default]
/home/sjg/c/src/third_party/u-boot/files/include/linux/lzo.h:31:5:
note: expected ‘size_t *’ but argument is of type ‘uint *’
cmd_ximg.c: In function ‘do_imgextract’:
cmd_ximg.c:225:6: warning: cast to pointer from integer of different
size [-Wint-to-pointer-cast]
cmd_ximg.c:225:14: warning: ‘hdr’ may be used uninitialized in this
function [-Wuninitialized]

Also, do you have a diffstat for your cover letter? If you use patman
for the cover letter too it should happen automatically.

Regards,
Simon
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot


[U-Boot] [PATCH 0/6] handle compression buffer overflows

2013-08-12 Thread Kees Cook
This series fixes gzip, lzma, and lzo to not overflow when writing
to output buffers. Without this, it might be possible for untrusted
compressed input to overflow the buffers used to hold the decompressed
image.

To catch these conditions, I added a series of compression tests available
in the sandbox build. Without the fixes in patches 3, 4, and 5, the
overflows are visible.

Thanks,

-Kees



[U-Boot] [PATCH 0/6] handle compression buffer overflows

2013-08-12 Thread Kees Cook
[sending, now subscribed so mailman won't yell at me]

This series fixes gzip, lzma, and lzo to not overflow when writing
to output buffers. Without this, it might be possible for untrusted
compressed input to overflow the buffers used to hold the decompressed
image.

To catch these conditions, I added a series of compression tests available
in the sandbox build. Without the fixes in patches 3, 4, and 5, the
overflows are visible.

Thanks,

-Kees
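
The failure mode the series describes, as an added example that is not part of this thread or of U-Boot's code: a toy run-length decoder, run with and without an output bounds check, inside a guard-byte harness that makes a write past the buffer visible the way a test would. The format, function names and error codes are all hypothetical, and the sample input is constructed.

```c
#include <stddef.h>
#include <string.h>

#define ERR_INPUT  (-1)   /* malformed (odd-length) input */
#define ERR_OUTPUT (-2)   /* output would exceed the caller's buffer */

/* Toy run-length format (constructed for this example): (count, byte) pairs.
 * *dst_len is in/out: capacity on entry, bytes written on return.
 * With check_bounds == 0 the decoder trusts its input, like an unfixed one. */
static int rle_decompress(const unsigned char *src, size_t src_len,
                          unsigned char *dst, size_t *dst_len,
                          int check_bounds)
{
    size_t cap = *dst_len, out = 0, i;
    *dst_len = 0;
    if (src_len % 2)
        return ERR_INPUT;
    for (i = 0; i < src_len; i += 2) {
        size_t run = src[i];
        /* Compare against the space left; 'out + run > cap' could wrap. */
        if (check_bounds && run > cap - out)
            return ERR_OUTPUT;
        memset(dst + out, src[i + 1], run);
        out += run;
        *dst_len = out;
    }
    return 0;
}

/* Test harness: the decoder is told the buffer holds 'cap' bytes, but the
 * backing array is larger and pre-filled with a guard value, so a write past
 * 'cap' is observable. Inputs must decode to at most sizeof(backing) bytes.
 * Returns 1 if the guard region was modified, 0 otherwise. */
static int overflows_guard(const unsigned char *src, size_t src_len,
                           size_t cap, int check_bounds, int *ret)
{
    unsigned char backing[1024];
    size_t len = cap, i;
    memset(backing, 0xA5, sizeof(backing));
    *ret = rle_decompress(src, src_len, backing, &len, check_bounds);
    for (i = cap; i < sizeof(backing); i++)
        if (backing[i] != 0xA5)
            return 1;
    return 0;
}

int main(void)
{
    const unsigned char evil[] = { 4, 'A', 200, 'B' }; /* constructed input */
    int ret;
    return overflows_guard(evil, sizeof(evil), 8, 1, &ret) || ret != ERR_OUTPUT;
}
```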
