lzma: Port size-checking ulzman() version to coreboot

We've had a second version of ulzma() that would check the input and output buffer sizes in libpayload for a while now. Since it's generally never a bad idea to double-check for overruns, let's port it to coreboot and use it where applicable. (This requires a small fix in the four byte at a time read optimization we only have in coreboot, since it made the stream counter hit the end a little earlier than the algorithm liked and could trigger an assertion.) BRANCH=None BUG=None TEST=Booted Oak, Jerry and Falco. Change-Id: Id566b31dfa896ea1b991badf5a6ad9d075aef987 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/13637 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-02-08 11:46:22 -08:00
parent d189987fc9
commit a25b5d257d
5 changed files with 25 additions and 14 deletions
--- a/src/lib/lzmadecode.c
+++ b/src/lib/lzmadecode.c
@ -29,9 +29,12 @@
 #define kBitModelTotal (1 << kNumBitModelTotalBits)
 #define kNumMoveBits 5

-/* Use 32-bit reads whenever possible to avoid bad flash performance.  */
+/* Use 32-bit reads whenever possible to avoid bad flash performance. Fall back
+ * to byte reads for last 4 bytes since RC_TEST returns an error when BufferLim
+ * is *reached* (not surpassed!), meaning we can't allow that to happen while
+ * there are still bytes to decode from the algorithm's point of view. */
 #define RC_READ_BYTE (look_ahead_ptr < 4 ? look_ahead.raw[look_ahead_ptr++] \
-		      : ((((uintptr_t) Buffer & 3) || ((SizeT) (BufferLim - Buffer) < 4)) ? (*Buffer++) \
+		      : ((((uintptr_t) Buffer & 3) || ((SizeT) (BufferLim - Buffer) <= 4)) ? (*Buffer++) \
 	   : ((look_ahead.dw = *(UInt32 *)Buffer), (Buffer += 4), (look_ahead_ptr = 1), look_ahead.raw[0])))

 #define RC_INIT2 Code = 0; Range = 0xFFFFFFFF; \