Re: LZ4 : fix the data abort issue.

From: David Sterba
Date: Fri Mar 13 2015 - 07:22:53 EST


On Thu, Mar 12, 2015 at 08:28:55AM +0000, Yeon, JeHyeon (Tom) wrote:
> If part of the compression data is corrupted, or the compression
> data is totally fake, memory access over the limit is possible.
>
> This is the log from my system using lz4 decompression.
> [6502]data abort, halting
> [6503]r0 0x00000000 r1 0x00000000 r2 0xdcea0ffc r3 0xdcea0ffc
> [6509]r4 0xb9ab0bfd r5 0xdcea0ffc r6 0xdcea0ff8 r7 0xdce80000
> [6515]r8 0x00000000 r9 0x00000000 r10 0x00000000 r11 0xb9a98000
> [6522]r12 0xdcea1000 usp 0x00000000 ulr 0x00000000 pc 0x820149bc
> [6528]spsr 0x400001f3
> and the memory addresses of some variables at the moment are
> ref:0xdcea0ffc, op:0xdcea0ffc, oend:0xdcea1000
>
> As you can see, COPYLENGTH is 8 bytes, so @ref and @op can access the memory
> over @oend.
>
> Signed-off-by: tom.yeon <tom.yeon@xxxxxxxxxxxxx>

Reviewed-by: David Sterba <dsterba@xxxxxxx>

Matches implementation in lz4 upstream.

Btw, why is it a reply and not a standalone patch? I don't seem to find
any prior message in relevant mailing lists.
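The overrun reported in the quoted log, as an added example that is not part of the thread and is neither the kernel's nor upstream lz4's code: a simplified model of a stride-based match copy next to a bounds-checked one. The function names and the 0x1000-byte buffer are assumptions; only the 8-byte COPYLENGTH and the relation op = oend - 4 (0xdcea0ffc vs 0xdcea1000) come from the report.

```c
#include <stddef.h>
#include <stdint.h>

#define COPYLENGTH 8 /* copy stride, 8 bytes as stated in the report */

/*
 * Hypothetical helper: how many bytes past the end of the output buffer a
 * stride-based copy touches. The copy always moves whole COPYLENGTH chunks
 * and runs at least once, so a short match near the end still writes a
 * full stride.
 */
size_t wildcopy_overrun(size_t op, size_t len, size_t out_size)
{
    size_t strides = len ? (len + COPYLENGTH - 1) / COPYLENGTH : 1;
    size_t end = op + strides * COPYLENGTH;

    return end > out_size ? end - out_size : 0;
}

/*
 * Hypothetical checked match copy: validate the match against the output
 * bounds before writing anything. Returns the new output offset, or -1 if
 * the (possibly corrupted) stream asks for an out-of-bounds access.
 */
long checked_match_copy(uint8_t *out, size_t out_size, size_t op,
                        size_t offset, size_t len)
{
    size_t i;

    /* ref = op - offset must point at bytes already written */
    if (offset == 0 || offset > op)
        return -1;
    /* the write must end at or before oend */
    if (op > out_size || len > out_size - op)
        return -1;

    /* byte-wise so overlapping matches (offset < len) stay correct */
    for (i = 0; i < len; i++)
        out[op + i] = out[op - offset + i];

    return (long)(op + len);
}
```

With op four bytes short of oend, as in the log, a single stride lands four bytes past the buffer; the checked variant rejects that stream instead of faulting.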