Add local size_t variable to crypto_comp_decompress as intermediate
storage for destination length to avoid memory corruption and incorrect
results on 64 bit targets.
This is what linux does for the various lz compression implementations.
Signed-off-by: Paul Davey <paul.da...@alliedtelesis.co.nz>
Cc: Heiko Schocher <h...@denx.de>
---
When attempting to use ubifs on a MIPS64 platform I found that it would fail
decompression for the file I was attempting to load.
Further investigation found that this was due to the pointer cast from unsigned
int * to size_t * in the decompression wrapper. This will cause any big endian
64 bit platform to fail to load any ubifs file that requires decompression and
at least cause little endian 64 bit platforms to silently write 0 over 4 bytes
of stack memory.
fs/ubifs/ubifs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/ubifs/ubifs.c b/fs/ubifs/ubifs.c
index 47fa41ad1dd..d5101d3c459 100644
--- a/fs/ubifs/ubifs.c
+++ b/fs/ubifs/ubifs.c
@@ -125,6 +125,7 @@ crypto_comp_decompress(const struct ubifs_info *c, struct
crypto_comp *tfm,
{
struct ubifs_compressor *compr = ubifs_compressors[tfm->compressor];
int err;
+ size_t tmp_len = *dlen;
if (compr->compr_type == UBIFS_COMPR_NONE) {
memcpy(dst, src, slen);
@@ -132,11 +133,12 @@ crypto_comp_decompress(const struct ubifs_info *c, struct
crypto_comp *tfm,
return 0;
}
- err = compr->decompress(src, slen, dst, (size_t *)dlen);
+ err = compr->decompress(src, slen, dst, &tmp_len);
if (err)
ubifs_err(c, "cannot decompress %d bytes, compressor %s, "
"error %d", slen, compr->name, err);
+ *dlen = tmp_len;
return err;
return 0;
--
2.19.1
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
