[coreboot] Patch set updated for coreboot: 23b9620 lib: Prevent unaligned memory access in LZMA decode library.

David Hendricks (dhendrix@chromium.org) gerrit at coreboot.org
Fri Feb 1 02:19:59 CET 2013

David Hendricks (dhendrix at chromium.org) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/2246


commit 23b962036c01e42452157afcf07d3fd0c29ebc50
Author: Hung-Te Lin <hungte at chromium.org>
Date:   Thu Jan 31 12:14:46 2013 +0800

    lib: Prevent unaligned memory access in LZMA decode library.
    LZMA decode library used to retrieve output size by:
      outSize = *(UInt32 *)(src + LZMA_PROPERTIES_SIZE);
    'src' is aligned but LZMA_PROPERTIES_SIZE may refer to an unaligned address like
    src+5, and using that as integer pointer may fail on platforms like ARM.
    To fix this, use memcpy to copy into aligned variable outSize.
    Change-Id: If678e735cb270c3e5e29f36f1fad318096bf7d59
    Signed-off-by: Hung-Te Lin <hungte at chromium.org>
 src/lib/lzma.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lib/lzma.c b/src/lib/lzma.c
index f0b88c1..a2d91d1 100644
--- a/src/lib/lzma.c
+++ b/src/lib/lzma.c
@@ -31,7 +31,8 @@ unsigned long ulzma(unsigned char * src, unsigned char * dst)
 	unsigned char scratchpad[15980];
 	memcpy(properties, src, LZMA_PROPERTIES_SIZE);
-	outSize = *(UInt32 *)(src + LZMA_PROPERTIES_SIZE);
+	/* Do memcpy to prevent unaligned memory access. */
+	memcpy(&outSize, src + LZMA_PROPERTIES_SIZE, sizeof(outSize));
 	if (LzmaDecodeProperties(&state.Properties, properties, LZMA_PROPERTIES_SIZE) != LZMA_RESULT_OK) {
 		printk(BIOS_WARNING, "lzma: Incorrect stream properties.\n");
 		return 0;

More information about the coreboot mailing list