On Thu, 2007-05-24 at 01:04 +0530, Satyam Sharma wrote:
> On 5/23/07, Nitin Gupta <nitingupta910@xxxxxxxxx> wrote:
> > [...]
> > +/* Macros for 'safe' decompression */
> > +#ifdef LZO1X_DECOMPRESS_SAFE
> > +
> > +#define lzo1x_decompress lzo1x_decompress_safe
> > +#define TEST_IP (ip < ip_end)
> > +#define NEED_IP(x) \
> > + if ((size_t)(ip_end - ip) < (size_t)(x)) goto input_overrun
> > +#define NEED_OP(x) \
> > + if ((size_t)(op_end - op) < (size_t)(x)) goto output_overrun
> > +#define TEST_LB(m_pos) \
> > + if (m_pos < out || m_pos >= op) goto lookbehind_overrun
> > +#define HAVE_TEST_IP
> > +#define HAVE_ANY_OP
> > +
> > +#else /* !LZO1X_DECOMPRESS_SAFE */
> > +
> > +#define TEST_IP 1
> > +#define TEST_LB(x) ((void) 0)
> > +#define NEED_IP(x) ((void) 0)
> > +#define NEED_OP(x) ((void) 0)
> > +#undef HAVE_TEST_IP
> > +#undef HAVE_ANY_OP
> > +
> > +#endif /* LZO1X_DECOMPRESS_SAFE */
>
> ... ugh. Yes, extracting the common stuff between the _safe and _unsafe
> variants in a common low-level __lzo1x_decompress kind of function
> definitely looks doable. The low-level function could simply take an extra
> argument (say, set by the _safe and _unsafe wrappers) that tells it
> whether it is being called as safe or unsafe ... helps us get rid of the
> disruptions to all the Makefiles above and these #ifdef's ugliness ...
I suspect it will probably damage performance unless the compiler is
very clever and I don't trust compilers that much...
> BTW, it'd be really cool if Richard and yourself could get together and
> pool your energies / efforts to develop a common / same patchset for this.
> (I wonder how different your implementations are, actually, and if there
> are any significant performance disparities, especially.) I really like your
> work, as it clears up the major gripe I had with Richard's patchset -- the
> ugliness (and monstrosity) of it. But he's also worked up the glue code for
> cryptoapi / jffs2 etc for this, so no point duplicating his efforts.
All I will add is that after the amendment I made, the ugliness in my
patchset is confined to one file now and I still think its the better
approach to take.
My main concerns with this patch are that:
* from the security point of view its not tried and tested code
* I'm not 100% confident in what Nitin has done with the code from a
buffer overflow/security PoV
* its not tested on many architectures
* the performance implications of the rewrite are unknown
In theory both sets of code should result in the output bytecode if the
compiler does its job properly. Ideally I'd like to compare the
performance of them as well as have a look at the code. I'm not quite
sure when I'm going to have time for this though :/.
Also, I did notice you had the error defines in two header files. They
should only exist in one place and the LZO implementation should be
including the copy in linux/.