From 9cf5fbfaf0ab24340b4e85f1dcd8b7fb52f148cf Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 16 Jul 2014 10:43:44 +0000 Subject: [PATCH] lantiq: re-add 0041-lzma-fixup.patch to uboot Signed-off-by: John Crispin SVN-Revision: 41671 --- .../patches/0041-lzma-fixup.patch | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 package/boot/uboot-lantiq/patches/0041-lzma-fixup.patch diff --git a/package/boot/uboot-lantiq/patches/0041-lzma-fixup.patch b/package/boot/uboot-lantiq/patches/0041-lzma-fixup.patch new file mode 100644 index 0000000000..5b16758fa4 --- /dev/null +++ b/package/boot/uboot-lantiq/patches/0041-lzma-fixup.patch @@ -0,0 +1,44 @@ +From: Antonios Vamporakis +Date: Tue, 31 Dec 2013 01:05:42 +0100 +Subject: [PATCH] lzma: fix buffer bound check error + +Variable uncompressedSize references the space available, while outSizeFull is +the actual expected uncompressed size. Using the wrong value causes LzmaDecode +to return SZ_ERROR_INPUT_EOF. Problem was introduced in commit afca294. While +at it add additional debug message. + +Signed-off-by: Antonios Vamporakis +CC: Kees Cook +CC: Simon Glass +CC: Daniel Schwierzeck +CC: Luka Perkov +--- + lib/lzma/LzmaTools.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/lib/lzma/LzmaTools.c b/lib/lzma/LzmaTools.c +index 0aec2f9..90d31cd 100644 +--- a/lib/lzma/LzmaTools.c ++++ b/lib/lzma/LzmaTools.c +@@ -102,7 +102,7 @@ int lzmaBuffToBuffDecompress (unsigned char *outStream, SizeT *uncompressedSize, + return SZ_ERROR_OUTPUT_EOF; + + /* Decompress */ +- outProcessed = *uncompressedSize; ++ outProcessed = outSizeFull; + + WATCHDOG_RESET(); + +@@ -111,6 +111,9 @@ int lzmaBuffToBuffDecompress (unsigned char *outStream, SizeT *uncompressedSize, + inStream + LZMA_DATA_OFFSET, &compressedSize, + inStream, LZMA_PROPS_SIZE, LZMA_FINISH_END, &state, &g_Alloc); + *uncompressedSize = outProcessed; ++ ++ debug("LZMA: Uncompresed ................ 0x%zx\n", outProcessed); ++ + if (res != SZ_OK) { + return res; + } +-- +1.8.3.2 +