lzma: Port size-checking ulzman() version to coreboot
We've had a second version of ulzma() that would check the input and
output buffer sizes in libpayload for a while now. Since it's generally
never a bad idea to double-check for overruns, let's port it to coreboot
and use it where applicable. (This requires a small fix in the four byte
at a time read optimization we only have in coreboot, since it made the
stream counter hit the end a little earlier than the algorithm liked and
could trigger an assertion.)
BRANCH=None
BUG=None
TEST=Booted Oak, Jerry and Falco.
Change-Id: Id566b31dfa896ea1b991badf5a6ad9d075aef987
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/13637
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
diff --git a/src/lib/lzmadecode.c b/src/lib/lzmadecode.c
index ada7226..fbf1596 100644
--- a/src/lib/lzmadecode.c
+++ b/src/lib/lzmadecode.c
@@ -29,9 +29,12 @@
#define kBitModelTotal (1 << kNumBitModelTotalBits)
#define kNumMoveBits 5
-/* Use 32-bit reads whenever possible to avoid bad flash performance. */
+/* Use 32-bit reads whenever possible to avoid bad flash performance. Fall back
+ * to byte reads for last 4 bytes since RC_TEST returns an error when BufferLim
+ * is *reached* (not surpassed!), meaning we can't allow that to happen while
+ * there are still bytes to decode from the algorithm's point of view. */
#define RC_READ_BYTE (look_ahead_ptr < 4 ? look_ahead.raw[look_ahead_ptr++] \
- : ((((uintptr_t) Buffer & 3) || ((SizeT) (BufferLim - Buffer) < 4)) ? (*Buffer++) \
+ : ((((uintptr_t) Buffer & 3) || ((SizeT) (BufferLim - Buffer) <= 4)) ? (*Buffer++) \
: ((look_ahead.dw = *(UInt32 *)Buffer), (Buffer += 4), (look_ahead_ptr = 1), look_ahead.raw[0])))
#define RC_INIT2 Code = 0; Range = 0xFFFFFFFF; \