I clearly went too far there: While the LZ4_WILDCOPY() instances indeed
need prior guarding, LZ4_SECURECOPY() needs this only in the 32-bit case
(where it simply aliases LZ4_WILDCOPY()). "cpy" can validly point
(slightly) below "op" in these cases, due to
cpy = op + length - (STEPSIZE - 4);
where length can be as low as 0 and STEPSIZE is 8. However, instead of
removing the check via "#if !LZ4_ARCH64", refine it such that it would
also properly work in the 64-bit case, aborting decompression instead
of continuing on bogus input.
Reported-by: Mark Pryor <pryorm09@gmail.com>
Reported-by: Jeremi Piotrowski <jeremi.piotrowski@gmail.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Mark Pryor <pryorm09@gmail.com>
Tested-by: Jeremi Piotrowski <jeremi.piotrowski@gmail.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
master commit:
2d7572cdfa4d481c1ca246aa1ce5239ccae7eb59
master date: 2019-12-09 14:01:25 +0100
(cherry picked from commit
6561994b87af3e9cd28ee99c42e8b2697621687d)
goto _output_error;
continue;
}
- if (unlikely((unsigned long)cpy < (unsigned long)op))
+ if (unlikely((unsigned long)cpy < (unsigned long)op - (STEPSIZE - 4)))
goto _output_error;
LZ4_SECURECOPY(ref, op, cpy);
op = cpy; /* correction */
goto _output_error;
continue;
}
- if (unlikely((unsigned long)cpy < (unsigned long)op))
+ if (unlikely((unsigned long)cpy < (unsigned long)op - (STEPSIZE - 4)))
goto _output_error;
LZ4_SECURECOPY(ref, op, cpy);
op = cpy; /* correction */
projects / xen.git / commitdiff