This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-changelog] [xen-unstable] Decompressors: check for read errors in u

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] Decompressors: check for read errors in unlzma.c
From: Xen patchbot-unstable <patchbot@xxxxxxx>
Date: Fri, 11 Nov 2011 21:11:14 +0000
Delivery-date: Fri, 11 Nov 2011 13:13:22 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Lasse Collin <lasse.collin@xxxxxxxxxxx>
# Date 1321018377 -3600
# Node ID fe9a59ff84750086b731c5be84417f8d302d84db
# Parent  71abe73298b321ce168cf1a496615d06deb86220
Decompressors: check for read errors in unlzma.c

From: Lasse Collin <lasse.collin@xxxxxxxxxxx>

Return value of rc->fill() is checked in rc_read() and error() is called
when needed, but then the code continues as if nothing had happened.

rc_read() is a void function and it's on the top of performance critical
call stacks, so propagating the error code via return values doesn't sound
like the best fix.  It seems better to check rc->buffer_size (which holds
the return value of rc->fill()) in the main loop.  It does nothing bad
that the code runs a little with unknown data after a failed rc->fill().

This fixes an infinite loop in initramfs decompression if the
LZMA-compressed initramfs image is corrupt.

Signed-off-by: Lasse Collin <lasse.collin@xxxxxxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Keir Fraser <keir@xxxxxxx>
Committed-by: Jan Beulich <jbeulich@xxxxxxxx>

diff -r 71abe73298b3 -r fe9a59ff8475 xen/common/unlzma.c
--- a/xen/common/unlzma.c       Fri Nov 11 14:32:03 2011 +0100
+++ b/xen/common/unlzma.c       Fri Nov 11 14:32:57 2011 +0100
@@ -625,6 +625,8 @@
                        if (cst.rep0 == 0)
+               if (rc.buffer_size <= 0)
+                       goto exit_3;
        if (posp)
@@ -632,6 +634,7 @@
        if (wr.flush)
                wr.flush(wr.buffer, wr.buffer_pos);
        ret = 0;
        if (!output)

Xen-changelog mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] Decompressors: check for read errors in unlzma.c, Xen patchbot-unstable <=