We've had a second version of ulzma() that would check the input and output buffer sizes in libpayload for a while now. Since it's generally never a bad idea to double-check for overruns, let's port it to coreboot and use it where applicable. (This requires a small fix in the four byte at a time read optimization we only have in coreboot, since it made the stream counter hit the end a little earlier than the algorithm liked and could trigger an assertion.)
BRANCH=None BUG=None TEST=Booted Oak, Jerry and Falco.
Change-Id: Id566b31dfa896ea1b991badf5a6ad9d075aef987
a25b5d2 lzma: Port size-checking ulzman() version to coreboot
src/include/lib.h | 5 +++--
src/lib/lzma.c | 17 ++++++++++++-----
src/lib/lzmadecode.c | 7 +++++--
src/lib/rmodule.c | 2 +-
src/lib/selfboot.c | 8 ++++----
5 files changed, 25 insertions(+), 14 deletions(-)
Upstream: review.coreboot.org