diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-11-28 00:05:43 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-11-28 00:05:43 +0000 |
| commit | 8324e47f739020e8c6f0c11588b5435bf53f4590 (patch) | |
| tree | 9e0f058a7450c9e97fc745899e6ee4fcd714dc63 | |
| parent | dd8372c4eb2738e142d708d32f932f8647a3a9bd (diff) | |
| parent | e5688bf8804efb757a9b73442b22084f186335d3 (diff) | |
| download | elfutils-android14-qpr2-s3-release.tar.gz | |
Snap for 11146061 from e5688bf8804efb757a9b73442b22084f186335d3 to 24Q1-releaseandroid-14.0.0_r33android-14.0.0_r32android-14.0.0_r31android-14.0.0_r30android-14.0.0_r29android14-qpr2-s3-releaseandroid14-qpr2-s2-releaseandroid14-qpr2-s1-releaseandroid14-qpr2-release
Change-Id: I9f32c5982c818351935f40b3b11e0fad25dc01a1
| -rw-r--r-- | libelf/elf_compress.c | 2 | ||||
| -rw-r--r-- | patches/libelf-check-decompressed-ZSTD-size.patch | 33 |
2 files changed, 34 insertions, 1 deletions
diff --git a/libelf/elf_compress.c b/libelf/elf_compress.c index f13b41ba..e3ecab32 100644 --- a/libelf/elf_compress.c +++ b/libelf/elf_compress.c @@ -421,7 +421,7 @@ __libelf_decompress_zstd (void *buf_in, size_t size_in, size_t size_out) } size_t ret = ZSTD_decompress (buf_out, size_out, buf_in, size_in); - if (ZSTD_isError (ret)) + if (unlikely (ZSTD_isError (ret)) || unlikely (ret != size_out)) { free (buf_out); __libelf_seterrno (ELF_E_DECOMPRESS_ERROR); diff --git a/patches/libelf-check-decompressed-ZSTD-size.patch b/patches/libelf-check-decompressed-ZSTD-size.patch new file mode 100644 index 00000000..6c76fac1 --- /dev/null +++ b/patches/libelf-check-decompressed-ZSTD-size.patch @@ -0,0 +1,33 @@ +From 03c171947cc538b04957ac2222ce86e7c0170bd1 Mon Sep 17 00:00:00 2001 +From: Aleksei Vetrov <vvvvvv@google.com> +Date: Thu, 23 Nov 2023 15:31:47 +0000 +Subject: [PATCH] libelf: check decompressed ZSTD size + +Decompression functions like __libelf_decompress_zlib check that +decompressed data has the same size as it was declared in the header +(size_out argument). The same check is now added to +__libelf_decompress_zstd to make sure that the whole allocated buffer is +initialized. + + * libelf/elf_compress.c (__libelf_decompress_zstd): Use return value + of ZSTD_decompress to check that decompressed data size is the + same as size_out of the buffer that was allocated. + +Signed-off-by: Aleksei Vetrov <vvvvvv@google.com> + +diff --git a/libelf/elf_compress.c b/libelf/elf_compress.c +index c7283c6a..0ad6a32a 100644 +--- a/libelf/elf_compress.c ++++ b/libelf/elf_compress.c +@@ -422,7 +422,7 @@ __libelf_decompress_zstd (void *buf_in, size_t size_in, size_t size_out) + } + + size_t ret = ZSTD_decompress (buf_out, size_out, buf_in, size_in); +- if (ZSTD_isError (ret)) ++ if (unlikely (ZSTD_isError (ret)) || unlikely (ret != size_out)) + { + free (buf_out); + __libelf_seterrno (ELF_E_DECOMPRESS_ERROR); +-- +2.43.0.rc1.413.gea7ed67945-goog + |