erebion/coreboot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coreboot/src
History
Alex Rebert 70282aece0 lz4: Fix out-of-bounds reads 
Fix two out-of-bounds reads in lz4 decompression:

1) LZ4_decompress_generic could read one byte past the input buffer when
decoding variable length literals due to a missing bounds check. This
issue was resolved in libpayload, commonlib and cbfstool

2) ulz4fn could read up to 4 bytes past the input buffer when reading a
lz4_block_header due to a missing bounds check. This issue was resolved
in libpayload and commonlib.

Change-Id: I5afdf7e1d43ecdb06c7b288be46813c1017569fc
Signed-off-by: Alex Rebert <alexandre.rebert@gmail.com>
Found-by: Mayhem
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39174
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-03-02 15:03:03 +00:00
..
acpi src/acpi: Update license headers to SPDX 2020-01-02 14:49:00 +00:00
arch acpi: Bump FADT to revision 6 2020-03-02 11:48:11 +00:00
commonlib lz4: Fix out-of-bounds reads 2020-03-02 15:03:03 +00:00
console console/post: NOPOST means NOPOST 2020-01-18 10:53:08 +00:00
cpu cpu/Kconfig: Remove old reference to ROMCC 2020-02-24 14:24:34 +00:00
device device/Kconfig: select linear framebuffer for Tianocore 2020-02-24 13:10:47 +00:00
drivers drivers/i2c/at24rf08c: Format according to coding style 2020-03-02 11:46:29 +00:00
ec ec/google/chromeec: Introduce SKU_ID helpers 2020-02-28 00:02:35 +00:00
include include/stdint.h: Remove old reference to ROMCC 2020-02-25 10:17:49 +00:00
lib lib/lzma: Fix out-of-bounds read 2020-02-25 10:13:51 +00:00
mainboard mb/google/kohaku: Add LPDDR 16G 2133 support 2020-03-02 11:53:06 +00:00
northbridge nb/intel/sandybridge: Fix VBOOT 2020-03-02 11:49:03 +00:00
security treewide: Capitalize 'CMOS' 2020-02-24 14:10:00 +00:00
soc soc/intel/apollolake: Fix flashconsole, again 2020-03-02 11:49:50 +00:00
southbridge treewide: capitalize 'USB' 2020-02-26 17:06:40 +00:00
superio superio/nuvoton/npcd378: Switch to superio/common 2020-03-02 10:19:44 +00:00
vendorcode vendorcode/intel/fsp/fsp2_0: Add FSP header files for Skylake-SP 2020-03-02 11:44:47 +00:00
Kconfig treewide: Capitalize 'CMOS' 2020-02-24 14:10:00 +00:00