projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6c7d2db) | patch
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
authorLasse Collin <lasse.collin@tukaani.org>
Sun, 10 Oct 2021 21:31:39 +0000 (05:31 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 26 Nov 2021 10:48:30 +0000 (11:48 +0100)
commit9cea212f2ceec5ae4ec83aa01b0a1caf05ea5506
tree8d29fd44210e226f34fbc76157e6761ae8b01d3atree | snapshot (tar.gz zip)
parent6c7d2db717d68e5a77d4ec0e0e9400f4c010b151commit | diff
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression

[ Upstream commit 83d3c4f22a36d005b55f44628f46cc0d319a75e8 ]

With valid files, the safety margin described in lib/decompress_unxz.c
ensures that these buffers cannot overlap. But if the uncompressed size
of the input is larger than the caller thought, which is possible when
the input file is invalid/corrupt, the buffers can overlap. Obviously
the result will then be garbage (and usually the decoder will return
an error too) but no other harm will happen when such an over-run occurs.

This change only affects uncompressed LZMA2 chunks and so this
should have no effect on performance.

Link: https://lore.kernel.org/r/20211010213145.17462-2-xiang@kernel.org
Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
lib/decompress_unxz.c diff | blob | blame | history
lib/xz/xz_dec_lzma2.c diff | blob | blame | history