diff for duplicates of <20090121083418.GA5865@alice> diff --git a/a/1.txt b/N1/1.txt index 0d7427e..6881325 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,26 +1,25 @@ * Tom Rini (trini@kernel.crashing.org) wrote: > On Tue, Jan 20, 2009 at 05:47:14PM +0100, Eric Sesterhenn wrote: -> > * J=C3=B6rn Engel (joern@logfs.org) wrote: +> > * Jörn Engel (joern@logfs.org) wrote: > > > On Fri, 16 January 2009 16:07:00 -0700, Tom Rini wrote: -> > > >=20 +> > > > > > > > Sounds like a plan to me, except maybe zlib_inflate_unsafe() and a > > > > comment above the wrapper saying what/why is going on? -> > >=20 +> > > > > > Eric, will you do the honors? Since you did all the hard work before, > > > you derserve the fame as well. :) -> >=20 +> > > > Since I am not sure either about xtensa I added chris to the cc list. ->=20 +> > How about we just change all callers from arch/*/boot to use the _unsafe > version? Then.. ->=20 +> > > +/* -> > + These two wrappers decide wheter strm->next_out gets checked for N= -ULL. +> > + These two wrappers decide wheter strm->next_out gets checked for NULL. > > + The zlib_inflate_unsafe() version got added because the PPC zImage > > + gets extracted to memory address 0 and therefore > > + we avoid this check for zlib_inflate_unsafe() ->=20 +> > These two wrappers decide wheter strm->next_out gets checked for NULL. > The zlib_inflate_unsafe() version is primarily used in the pre-Linux > 'boot' directory code to allow for extraction to memory address 0 and @@ -41,37 +40,34 @@ zlib_inflate_usafe() for those and adds a check for the rest Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de> ---- linux/arch/powerpc/boot/gunzip_util.c.orig 2009-01-21 09:27:39.00000000= -0 +0100 -+++ linux/arch/powerpc/boot/gunzip_util.c 2009-01-21 09:27:51.000000000 +01= -00 +--- linux/arch/powerpc/boot/gunzip_util.c.orig 2009-01-21 09:27:39.000000000 +0100 ++++ linux/arch/powerpc/boot/gunzip_util.c 2009-01-21 09:27:51.000000000 +0100 
@@ -109,7 +109,7 @@ int gunzip_partial(struct gunzip_state * -=20 - state->s.next_out =3D dst; - state->s.avail_out =3D dstlen; -- r =3D zlib_inflate(&state->s, Z_FULL_FLUSH); -+ r =3D zlib_inflate_unsafe(&state->s, Z_FULL_FLUSH); - if (r !=3D Z_OK && r !=3D Z_STREAM_END) + + state->s.next_out = dst; + state->s.avail_out = dstlen; +- r = zlib_inflate(&state->s, Z_FULL_FLUSH); ++ r = zlib_inflate_unsafe(&state->s, Z_FULL_FLUSH); + if (r != Z_OK && r != Z_STREAM_END) fatal("inflate returned %d msg: %s\n\r", r, state->s.msg); - len =3D state->s.next_out - (unsigned char *)dst; ---- linux/arch/xtensa/boot/lib/zmem.c.orig 2009-01-21 09:22:44.000000000 +0= -100 + len = state->s.next_out - (unsigned char *)dst; +--- linux/arch/xtensa/boot/lib/zmem.c.orig 2009-01-21 09:22:44.000000000 +0100 +++ linux/arch/xtensa/boot/lib/zmem.c 2009-01-21 09:22:26.000000000 +0100 @@ -68,7 +68,7 @@ void gunzip (void *dst, int dstlen, unsi - s.avail_in =3D *lenp - i; - s.next_out =3D dst; - s.avail_out =3D dstlen; -- r =3D zlib_inflate(&s, Z_FINISH); -+ r =3D zlib_inflate_unsafe(&s, Z_FINISH); - if (r !=3D Z_OK && r !=3D Z_STREAM_END) { + s.avail_in = *lenp - i; + s.next_out = dst; + s.avail_out = dstlen; +- r = zlib_inflate(&s, Z_FINISH); ++ r = zlib_inflate_unsafe(&s, Z_FINISH); + if (r != Z_OK && r != Z_STREAM_END) { //puts("inflate returned "); puthex(r); puts("\n"); exit(); --- linux/include/linux/zlib.h.orig 2009-01-21 09:27:28.000000000 +0100 +++ linux/include/linux/zlib.h 2009-01-21 09:28:55.000000000 +0100 @@ -329,7 +329,23 @@ extern int zlib_inflateInit (z_streamp s */ -=20 -=20 + + -extern int zlib_inflate (z_streamp strm, int flush); +extern int __zlib_inflate (z_streamp strm, int flush, int check_out); +/* @@ -93,42 +89,42 @@ 
Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de> /* inflate decompresses as much data as possible, and stops when the input buffer becomes empty or the output buffer becomes full. It may introduce ---- linux/lib/zlib_inflate/inflate.c.orig 2009-01-21 09:27:11.000000000 +01= -00 +--- linux/lib/zlib_inflate/inflate.c.orig 2009-01-21 09:27:11.000000000 +0100 +++ linux/lib/zlib_inflate/inflate.c 2009-01-21 09:29:10.000000000 +0100 @@ -329,7 +329,7 @@ static int zlib_inflateSyncPacket(z_stre will return Z_BUF_ERROR if it has not reached the end of the stream. */ -=20 + -int zlib_inflate(z_streamp strm, int flush) +int __zlib_inflate(z_streamp strm, int flush, int check_out) { struct inflate_state *state; const unsigned char *next; /* next input */ @@ -347,8 +347,10 @@ int zlib_inflate(z_streamp strm, int flu - static const unsigned short order[19] =3D /* permutation of code lengt= -hs */ + static const unsigned short order[19] = /* permutation of code lengths */ {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; -=20 -- /* Do not check for strm->next_out =3D=3D NULL here as ppc zImage -- inflates to strm->next_out =3D 0 */ + +- /* Do not check for strm->next_out == NULL here as ppc zImage +- inflates to strm->next_out = 0 */ + /* We only check strm->next_out if the caller requests it, + since ppc extracts the ppc zImage to 0 */ + if (check_out && !strm->next_out) + return Z_STREAM_ERROR; -=20 - if (strm =3D=3D NULL || strm->state =3D=3D NULL || - (strm->next_in =3D=3D NULL && strm->avail_in !=3D 0)) ---- linux/lib/zlib_inflate/inflate_syms.c.orig 2009-01-21 09:27:16.00000000= -0 +0100 -+++ linux/lib/zlib_inflate/inflate_syms.c 2009-01-21 09:27:51.000000000 +01= -00 + + if (strm == NULL || strm->state == NULL || + (strm->next_in == NULL && strm->avail_in != 0)) +--- linux/lib/zlib_inflate/inflate_syms.c.orig 2009-01-21 09:27:16.000000000 +0100 ++++ linux/lib/zlib_inflate/inflate_syms.c 2009-01-21 09:27:51.000000000 +0100 
@@ -11,7 +11,7 @@ #include <linux/zlib.h> -=20 + EXPORT_SYMBOL(zlib_inflate_workspacesize); -EXPORT_SYMBOL(zlib_inflate); +EXPORT_SYMBOL(__zlib_inflate); EXPORT_SYMBOL(zlib_inflateInit2); EXPORT_SYMBOL(zlib_inflateEnd); EXPORT_SYMBOL(zlib_inflateReset); +-- +To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 22c5731..31edc8c 100644 --- a/a/content_digest +++ b/N1/content_digest 
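Review bot: In the lib/zlib_inflate/inflate.c hunk of the quoted patch, the added `if (check_out && !strm->next_out)` reads through `strm` before the existing `strm == NULL || strm->state == NULL` test that follows it. A NULL `strm` arriving through the checking path would therefore fault rather than return Z_STREAM_ERROR. Folding the new test into the existing condition keeps the order safe, for example by adding `(check_out && strm->next_out == NULL) ||` after `strm == NULL ||`. The body of `__zlib_inflate` continues outside the visible lines and the wrapper definitions in zlib.h are elided between hunks, so confirm that every caller outside arch/*/boot really passes a non-zero `check_out`.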
@@ -9,37 +9,37 @@ "Subject\0Re: [Patch] NULL pointer deref with corrupted squashfs image\0" "Date\0Wed, 21 Jan 2009 09:34:18 +0100\0" "To\0Tom Rini <trini@kernel.crashing.org>\0" - "Cc\0chris@zankel.net" + "Cc\0J\303\266rn Engel <joern@logfs.org>" phillip@lougher.demon.co.uk - " J\303\266rn Engel <joern@logfs.org>" - linuxppc-dev@ozlabs.org + linux-fsdevel@vger.kernel.org + jacmet@sunsite.dk rpurdie@rpsys.net - " linux-fsdevel@vger.kernel.org\0" + linuxppc-dev@ozlabs.org + " chris@zankel.net\0" "\00:1\0" "b\0" "* Tom Rini (trini@kernel.crashing.org) wrote:\n" "> On Tue, Jan 20, 2009 at 05:47:14PM +0100, Eric Sesterhenn wrote:\n" - "> > * J=C3=B6rn Engel (joern@logfs.org) wrote:\n" + "> > * J\303\266rn Engel (joern@logfs.org) wrote:\n" "> > > On Fri, 16 January 2009 16:07:00 -0700, Tom Rini wrote:\n" - "> > > >=20\n" + "> > > > \n" "> > > > Sounds like a plan to me, except maybe zlib_inflate_unsafe() and a\n" "> > > > comment above the wrapper saying what/why is going on?\n" - "> > >=20\n" + "> > > \n" "> > > Eric, will you do the honors? Since you did all the hard work before,\n" "> > > you derserve the fame as well. :)\n" - "> >=20\n" + "> > \n" "> > Since I am not sure either about xtensa I added chris to the cc list.\n" - ">=20\n" + "> \n" "> How about we just change all callers from arch/*/boot to use the _unsafe\n" "> version? 
Then..\n" - ">=20\n" + "> \n" "> > +/*\n" - "> > + These two wrappers decide wheter strm->next_out gets checked for N=\n" - "ULL.\n" + "> > + These two wrappers decide wheter strm->next_out gets checked for NULL.\n" "> > + The zlib_inflate_unsafe() version got added because the PPC zImage\n" "> > + gets extracted to memory address 0 and therefore\n" "> > + we avoid this check for zlib_inflate_unsafe()\n" - ">=20\n" + "> \n" "> These two wrappers decide wheter strm->next_out gets checked for NULL.\n" "> The zlib_inflate_unsafe() version is primarily used in the pre-Linux\n" "> 'boot' directory code to allow for extraction to memory address 0 and\n" 
@@ -60,37 +60,34 @@ "\n" "Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>\n" "\n" - "--- linux/arch/powerpc/boot/gunzip_util.c.orig\t2009-01-21 09:27:39.00000000=\n" - "0 +0100\n" - "+++ linux/arch/powerpc/boot/gunzip_util.c\t2009-01-21 09:27:51.000000000 +01=\n" - "00\n" + "--- linux/arch/powerpc/boot/gunzip_util.c.orig\t2009-01-21 09:27:39.000000000 +0100\n" + "+++ linux/arch/powerpc/boot/gunzip_util.c\t2009-01-21 09:27:51.000000000 +0100\n" "@@ -109,7 +109,7 @@ int gunzip_partial(struct gunzip_state *\n" - "=20\n" - " \t\tstate->s.next_out =3D dst;\n" - " \t\tstate->s.avail_out =3D dstlen;\n" - "-\t\tr =3D zlib_inflate(&state->s, Z_FULL_FLUSH);\n" - "+\t\tr =3D zlib_inflate_unsafe(&state->s, Z_FULL_FLUSH);\n" - " \t\tif (r !=3D Z_OK && r !=3D Z_STREAM_END)\n" + " \n" + " \t\tstate->s.next_out = dst;\n" + " \t\tstate->s.avail_out = dstlen;\n" + "-\t\tr = zlib_inflate(&state->s, Z_FULL_FLUSH);\n" + "+\t\tr = zlib_inflate_unsafe(&state->s, Z_FULL_FLUSH);\n" + " \t\tif (r != Z_OK && r != Z_STREAM_END)\n" " \t\t\tfatal(\"inflate returned %d msg: %s\\n\\r\", r, state->s.msg);\n" - " \t\tlen =3D state->s.next_out - (unsigned char *)dst;\n" - "--- linux/arch/xtensa/boot/lib/zmem.c.orig\t2009-01-21 09:22:44.000000000 +0=\n" - "100\n" + " \t\tlen = state->s.next_out - (unsigned char *)dst;\n" + "--- linux/arch/xtensa/boot/lib/zmem.c.orig\t2009-01-21 09:22:44.000000000 +0100\n" "+++ linux/arch/xtensa/boot/lib/zmem.c\t2009-01-21 09:22:26.000000000 +0100\n" "@@ -68,7 +68,7 @@ void gunzip (void *dst, int dstlen, unsi\n" - " s.avail_in =3D *lenp - i;\n" - " s.next_out =3D dst;\n" - " s.avail_out =3D dstlen;\n" - "- r =3D zlib_inflate(&s, Z_FINISH);\n" - "+ r =3D zlib_inflate_unsafe(&s, Z_FINISH);\n" - " if (r !=3D Z_OK && r !=3D Z_STREAM_END) {\n" + " s.avail_in = *lenp - i;\n" + " s.next_out = dst;\n" + " s.avail_out = dstlen;\n" + "- r = zlib_inflate(&s, Z_FINISH);\n" + "+ r = zlib_inflate_unsafe(&s, Z_FINISH);\n" + " if (r != Z_OK && r != Z_STREAM_END) {\n" " 
//puts(\"inflate returned \"); puthex(r); puts(\"\\n\");\n" " exit();\n" "--- linux/include/linux/zlib.h.orig\t2009-01-21 09:27:28.000000000 +0100\n" "+++ linux/include/linux/zlib.h\t2009-01-21 09:28:55.000000000 +0100\n" "@@ -329,7 +329,23 @@ extern int zlib_inflateInit (z_streamp s\n" " */\n" - "=20\n" - "=20\n" + " \n" + " \n" "-extern int zlib_inflate (z_streamp strm, int flush);\n" "+extern int __zlib_inflate (z_streamp strm, int flush, int check_out);\n" "+/*\n" 
@@ -112,44 +109,44 @@ " /*\n" " inflate decompresses as much data as possible, and stops when the input\n" " buffer becomes empty or the output buffer becomes full. It may introduce\n" - "--- linux/lib/zlib_inflate/inflate.c.orig\t2009-01-21 09:27:11.000000000 +01=\n" - "00\n" + "--- linux/lib/zlib_inflate/inflate.c.orig\t2009-01-21 09:27:11.000000000 +0100\n" "+++ linux/lib/zlib_inflate/inflate.c\t2009-01-21 09:29:10.000000000 +0100\n" "@@ -329,7 +329,7 @@ static int zlib_inflateSyncPacket(z_stre\n" " will return Z_BUF_ERROR if it has not reached the end of the stream.\n" " */\n" - "=20\n" + " \n" "-int zlib_inflate(z_streamp strm, int flush)\n" "+int __zlib_inflate(z_streamp strm, int flush, int check_out)\n" " {\n" " struct inflate_state *state;\n" " const unsigned char *next; /* next input */\n" "@@ -347,8 +347,10 @@ int zlib_inflate(z_streamp strm, int flu\n" - " static const unsigned short order[19] =3D /* permutation of code lengt=\n" - "hs */\n" + " static const unsigned short order[19] = /* permutation of code lengths */\n" " {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};\n" - "=20\n" - "- /* Do not check for strm->next_out =3D=3D NULL here as ppc zImage\n" - "- inflates to strm->next_out =3D 0 */\n" + " \n" + "- /* Do not check for strm->next_out == NULL here as ppc zImage\n" + "- inflates to strm->next_out = 0 */\n" "+ /* We only check strm->next_out if the caller requests it,\n" "+ since ppc extracts the ppc zImage to 0 */\n" "+ if (check_out && !strm->next_out)\n" "+ return Z_STREAM_ERROR;\n" - "=20\n" - " if (strm =3D=3D NULL || strm->state =3D=3D NULL ||\n" - " (strm->next_in =3D=3D NULL && strm->avail_in !=3D 0))\n" - "--- linux/lib/zlib_inflate/inflate_syms.c.orig\t2009-01-21 09:27:16.00000000=\n" - "0 +0100\n" - "+++ linux/lib/zlib_inflate/inflate_syms.c\t2009-01-21 09:27:51.000000000 +01=\n" - "00\n" + " \n" + " if (strm == NULL || strm->state == NULL ||\n" + " (strm->next_in == NULL && strm->avail_in != 0))\n" + "--- 
linux/lib/zlib_inflate/inflate_syms.c.orig\t2009-01-21 09:27:16.000000000 +0100\n" + "+++ linux/lib/zlib_inflate/inflate_syms.c\t2009-01-21 09:27:51.000000000 +0100\n" "@@ -11,7 +11,7 @@\n" " #include <linux/zlib.h>\n" - "=20\n" + " \n" " EXPORT_SYMBOL(zlib_inflate_workspacesize);\n" "-EXPORT_SYMBOL(zlib_inflate);\n" "+EXPORT_SYMBOL(__zlib_inflate);\n" " EXPORT_SYMBOL(zlib_inflateInit2);\n" " EXPORT_SYMBOL(zlib_inflateEnd);\n" - EXPORT_SYMBOL(zlib_inflateReset); + " EXPORT_SYMBOL(zlib_inflateReset);\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-fsdevel\" in\n" + "the body of a message to majordomo@vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -559f59d6bb65b069e4fa85221893c92812cf1b9ae242ff51462c0c3a9d7040c6 +a8fa1d44ad55608885d7cc65eb11a8ee24ad7cd9268d40568b5e30fdf6eb1fea