From: sudhakar <sudhakar@linux.ibm.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Cc: daniel.kiper@oracle.com, Lidong Chen <lidong.chen@oracle.com>,
	ross.philipson@oracle.com
Subject: Re: [PATCH] lib/LzmaEnc: Validate 'len' before subtracting
Date: Tue, 10 Jun 2025 23:28:13 +0530
Message-ID: <108faa16e09d71c22bde78ca460c5887@linux.ibm.com>
In-Reply-To: <20250610174742.3320770-1-lidong.chen@oracle.com>

On 2025-06-10 23:17, Lidong Chen via Grub-devel wrote:
> In LzmaEnc_CodeOneBlock(), both GetOptimumFast() and GetOptimum()
> return a value greater than or equal to 1, which is assigned to
> 'len'. But since LZMA_MATCH_LEN_MIN == 2, 'len' should be validated
> before performing "len - LZMA_MATCH_LEN_MIN" to avoid underflow
> when 'len' equals 1.
> 
> Fixed: CID 51508
> 
> Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
> ---
>  grub-core/lib/LzmaEnc.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c
> index 52b331558..d74e96303 100644
> --- a/grub-core/lib/LzmaEnc.c
> +++ b/grub-core/lib/LzmaEnc.c
> @@ -1880,6 +1880,11 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p,
> Bool useLimits, UInt32 maxPackSize
>          UInt32 posSlot, lenToPosState;
>          RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0);
>          p->state = kMatchNextStates[p->state];
> +	if (len < LZMA_MATCH_LEN_MIN)
> +	  {
> +	    p->result = SZ_ERROR_DATA;
> +	    return CheckErrors(p);
> +	  }

Hi Lidong Chen,

Please fix the indentation issue in the if condition.

Thanks,
sudhakar

>          LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN,
> posState, !p->fastMode, p->ProbPrices);
>          pos -= LZMA_NUM_REPS;
>          GetPosSlot(pos, posSlot);
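
Review bot: the new check runs after RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0) and after p->state = kMatchNextStates[p->state], so on the error path the range coder has already been fed the isRep bit and the state has already advanced when SZ_ERROR_DATA is returned. Consider testing len < LZMA_MATCH_LEN_MIN before those two statements, so that a rejected length leaves the encoder state untouched. The added lines are also indented with tabs while the surrounding context lines use spaces. A short comment on the check saying that len is a UInt32-style length and that "len - LZMA_MATCH_LEN_MIN" would wrap for len == 1 would make the intent clear to readers who do not have the Coverity report at hand.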
