diff options
| author | Sean Anderson <seanga2@gmail.com> | 2023-11-04 16:37:43 -0400 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2023-11-16 12:43:48 -0500 |
| commit | 57d3da6fee1d4d8691a74d9b7bb5b7bc0d4e4e63 (patch) | |
| tree | 90c228d2d71b95eec6b4cbdd1db57c07bb923fa9 /common/spl/spl_legacy.c | |
| parent | cdc0434ac06ad5cc0cb8361dcd5d4ab72a8db0c7 (diff) | |
spl: legacy: Honor bl_len when decompressing
When allocating a buffer to load compressed data into, we need to ensure we
have enough space for over- and under-flow due to alignment. Otherwise we
will clobber the malloc bookkeeping data. Calculate the correct amount of
overhead and use it when determining the size.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Diffstat (limited to 'common/spl/spl_legacy.c')
| -rw-r--r-- | common/spl/spl_legacy.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/common/spl/spl_legacy.c b/common/spl/spl_legacy.c index 51656fb9617..9189576b774 100644 --- a/common/spl/spl_legacy.c +++ b/common/spl/spl_legacy.c @@ -133,25 +133,31 @@ int spl_load_legacy_img(struct spl_image_info *spl_image, map_sysmem(spl_image->load_addr, spl_image->size)); break; - case IH_COMP_LZMA: + case IH_COMP_LZMA: { + ulong overhead, size; + lzma_len = LZMA_LEN; /* dataptr points to compressed payload */ - dataptr = offset + sizeof(*hdr); + dataptr = ALIGN_DOWN(sizeof(*hdr), load->bl_len); + overhead = sizeof(*hdr) - dataptr; + size = ALIGN(spl_image->size + overhead, load->bl_len); + dataptr += offset; debug("LZMA: Decompressing %08lx to %08lx\n", dataptr, spl_image->load_addr); - src = malloc(spl_image->size); + src = malloc(size); if (!src) { printf("Unable to allocate %d bytes for LZMA\n", spl_image->size); return -ENOMEM; } - load->read(load, dataptr, spl_image->size, src); + load->read(load, dataptr, size, src); ret = lzmaBuffToBuffDecompress(map_sysmem(spl_image->load_addr, spl_image->size), - &lzma_len, src, spl_image->size); + &lzma_len, src + overhead, + spl_image->size); if (ret) { printf("LZMA decompression error: %d\n", ret); return ret; @@ -159,7 +165,7 @@ int spl_load_legacy_img(struct spl_image_info *spl_image, spl_image->size = lzma_len; break; - + } default: debug("Compression method %s is not supported\n", genimg_get_comp_short_name(image_get_comp(hdr))); |