From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754537AbbCMNYG (ORCPT ); Fri, 13 Mar 2015 09:24:06 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:54772 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750774AbbCMNYD (ORCPT ); Fri, 13 Mar 2015 09:24:03 -0400 Date: Fri, 13 Mar 2015 14:23:59 +0100 From: "gregkh@linuxfoundation.org" To: "Yeon, JeHyeon (Tom)" Cc: "linux-kernel@vger.kernel.org" Subject: Re: LZ4 : fix the data abort issue. Message-ID: <20150313132359.GA16125@kroah.com> References: <20150312074918.GC31132@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 12, 2015 at 08:28:55AM +0000, Yeon, JeHyeon (Tom) wrote: > If the part of the compression data are corrupted, or the compression > data is totally fake, the memory access over the limit is possible. > > This is the log from my system usning lz4 decompression. > [6502]data abort, halting > [6503]r0 0x00000000 r1 0x00000000 r2 0xdcea0ffc r3 0xdcea0ffc > [6509]r4 0xb9ab0bfd r5 0xdcea0ffc r6 0xdcea0ff8 r7 0xdce80000 > [6515]r8 0x00000000 r9 0x00000000 r10 0x00000000 r11 0xb9a98000 > [6522]r12 0xdcea1000 usp 0x00000000 ulr 0x00000000 pc 0x820149bc > [6528]spsr 0x400001f3 > and the memory addresses of some variables at the moment are > ref:0xdcea0ffc, op:0xdcea0ffc, oend:0xdcea1000 > > As you can see, COPYLENGH is 8bytes, so @ref and @op can access the momory > over @oend. > > Signed-off-by: tom.yeon I need a "real" name here, I somehow doubt that your government documents has your name as "tom.yeon", right? Please fix this up and resend so that I can apply it. thanks, greg k-h