diff mbox series

[3/3] lz4: fix system halt at boot kernel on x86_64

Message ID a720d5d3-f5a0-0fd2-a6a7-5f6101dcf9cb@suse.com (mailing list archive)
State New, archived
Headers show
Series lz4: misc fixes / adjustments | expand

Commit Message

Jan Beulich Dec. 5, 2019, 7:31 a.m. UTC 
From: Krzysztof Kolasa <kkolasa@winsoft.pl>

Sometimes, on x86_64, decompression fails with the following
error:

Decompressing Linux...

Decoding failed

 -- System halted

This condition is not needed for a 64bit kernel(from commit d5e7caf):

if( ... ||
    (op + COPYLENGTH) > oend)
    goto _output_error

macro LZ4_SECURE_COPY() tests op and does not copy any data
when op exceeds the value.

added by analogy to lz4_uncompress_unknownoutputsize(...)

Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
[Linux commit 99b7e93c95c78952724a9783de6c78def8fbfc3f]

The offending commit in our case is fcc17f96c277 ("LZ4 : fix the data
abort issue").

Signed-off-by: Jan Beulich <jbeulich@suse.com>
diff mbox series

Patch

--- a/xen/common/lz4/decompress.c
+++ b/xen/common/lz4/decompress.c
@@ -133,8 +133,12 @@  static int INIT lz4_uncompress(const uns
 			/* Error: request to write beyond destination buffer */
 			if (cpy > oend)
 				goto _output_error;
+#if LZ4_ARCH64
+			if ((ref + COPYLENGTH) > oend)
+#else
 			if ((ref + COPYLENGTH) > oend ||
 					(op + COPYLENGTH) > oend)
+#endif
 				goto _output_error;
 			LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
 			while (op < cpy)
@@ -262,7 +266,13 @@  static int lz4_uncompress_unknownoutputs
 		if (cpy > oend - COPYLENGTH) {
 			if (cpy > oend)
 				goto _output_error; /* write outside of buf */
-
+#if LZ4_ARCH64
+			if ((ref + COPYLENGTH) > oend)
+#else
+			if ((ref + COPYLENGTH) > oend ||
+					(op + COPYLENGTH) > oend)
+#endif
+				goto _output_error;
 			LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
 			while (op < cpy)
 				*op++ = *ref++;