[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 1/2] Revert "lzo: properly check for overruns"

To: "xen-devel" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Mon, 03 Nov 2014 15:01:59 +0000
Cc: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>
Delivery-date: Mon, 03 Nov 2014 15:02:07 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

This reverts commit 504f70b6 ("lzo: properly check for overruns").

As analysed by Willem Pinckaers, this fix is still incomplete on
certain rare corner cases, and it is easier to restart from the
original code.

Reported-by: Willem Pinckaers <willem@xxxxxxxxxxxxxx>
Signed-off-by: Willy Tarreau <w@xxxxxx>
[original Linux commit: af958a38]
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/common/lzo.c
+++ b/xen/common/lzo.c
@@ -375,31 +375,11 @@ int lzo1x_1_compress(const unsigned char
  *  Richard Purdie <rpurdie@xxxxxxxxxxxxxx>
  */
 
-#define HAVE_IP(t, x)                              \
-    (((size_t)(ip_end - ip) >= (size_t)(t + x)) && \
-     (((t + x) >= t) && ((t + x) >= x)))
-
-#define HAVE_OP(t, x)                              \
-    (((size_t)(op_end - op) >= (size_t)(t + x)) && \
-     (((t + x) >= t) && ((t + x) >= x)))
-
-#define NEED_IP(t, x)                \
-    do {                             \
-        if (!HAVE_IP(t, x))          \
-            goto input_overrun;      \
-    } while (0)
-
-#define NEED_OP(t, x)                \
-    do {                             \
-        if (!HAVE_OP(t, x))          \
-            goto output_overrun;     \
-    } while (0)
-
-#define TEST_LB(m_pos)               \
-    do {                             \
-        if ((m_pos) < out)           \
-            goto lookbehind_overrun; \
-    } while (0)
+#define HAVE_IP(x)     ((size_t)(ip_end - ip) >= (size_t)(x))
+#define HAVE_OP(x)     ((size_t)(op_end - op) >= (size_t)(x))
+#define NEED_IP(x)     if (!HAVE_IP(x)) goto input_overrun
+#define NEED_OP(x)     if (!HAVE_OP(x)) goto output_overrun
+#define TEST_LB(m_pos) if ((m_pos) < out) goto lookbehind_overrun
 
 int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
                           unsigned char *out, size_t *out_len)
@@ -434,14 +414,14 @@ int lzo1x_decompress_safe(const unsigned
                     while (unlikely(*ip == 0)) {
                         t += 255;
                         ip++;
-                        NEED_IP(1, 0);
+                        NEED_IP(1);
                     }
                     t += 15 + *ip++;
                 }
                 t += 3;
  copy_literal_run:
 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
-                if (likely(HAVE_IP(t, 15) && HAVE_OP(t, 15))) {
+                if (likely(HAVE_IP(t + 15) && HAVE_OP(t + 15))) {
                     const unsigned char *ie = ip + t;
                     unsigned char *oe = op + t;
                     do {
@@ -457,8 +437,8 @@ int lzo1x_decompress_safe(const unsigned
                 } else
 #endif
                 {
-                    NEED_OP(t, 0);
-                    NEED_IP(t, 3);
+                    NEED_OP(t);
+                    NEED_IP(t + 3);
                     do {
                         *op++ = *ip++;
                     } while (--t > 0);
@@ -471,7 +451,7 @@ int lzo1x_decompress_safe(const unsigned
                 m_pos -= t >> 2;
                 m_pos -= *ip++ << 2;
                 TEST_LB(m_pos);
-                NEED_OP(2, 0);
+                NEED_OP(2);
                 op[0] = m_pos[0];
                 op[1] = m_pos[1];
                 op += 2;
@@ -495,10 +475,10 @@ int lzo1x_decompress_safe(const unsigned
                 while (unlikely(*ip == 0)) {
                     t += 255;
                     ip++;
-                    NEED_IP(1, 0);
+                    NEED_IP(1);
                 }
                 t += 31 + *ip++;
-                NEED_IP(2, 0);
+                NEED_IP(2);
             }
             m_pos = op - 1;
             next = get_unaligned_le16(ip);
@@ -513,10 +493,10 @@ int lzo1x_decompress_safe(const unsigned
                 while (unlikely(*ip == 0)) {
                     t += 255;
                     ip++;
-                    NEED_IP(1, 0);
+                    NEED_IP(1);
                 }
                 t += 7 + *ip++;
-                NEED_IP(2, 0);
+                NEED_IP(2);
             }
             next = get_unaligned_le16(ip);
             ip += 2;
@@ -530,7 +510,7 @@ int lzo1x_decompress_safe(const unsigned
 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
         if (op - m_pos >= 8) {
             unsigned char *oe = op + t;
-            if (likely(HAVE_OP(t, 15))) {
+            if (likely(HAVE_OP(t + 15))) {
                 do {
                     COPY8(op, m_pos);
                     op += 8;
@@ -540,7 +520,7 @@ int lzo1x_decompress_safe(const unsigned
                     m_pos += 8;
                 } while (op < oe);
                 op = oe;
-                if (HAVE_IP(6, 0)) {
+                if (HAVE_IP(6)) {
                     state = next;
                     COPY4(op, ip);
                     op += next;
@@ -548,7 +528,7 @@ int lzo1x_decompress_safe(const unsigned
                     continue;
                 }
             } else {
-                NEED_OP(t, 0);
+                NEED_OP(t);
                 do {
                     *op++ = *m_pos++;
                 } while (op < oe);
@@ -557,7 +537,7 @@ int lzo1x_decompress_safe(const unsigned
 #endif
         {
             unsigned char *oe = op + t;
-            NEED_OP(t, 0);
+            NEED_OP(t);
             op[0] = m_pos[0];
             op[1] = m_pos[1];
             op += 2;
@@ -570,15 +550,15 @@ int lzo1x_decompress_safe(const unsigned
         state = next;
         t = next;
 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
-        if (likely(HAVE_IP(6, 0) && HAVE_OP(4, 0))) {
+        if (likely(HAVE_IP(6) && HAVE_OP(4))) {
             COPY4(op, ip);
             op += t;
             ip += t;
         } else
 #endif
         {
-            NEED_IP(t, 3);
-            NEED_OP(t, 0);
+            NEED_IP(t + 3);
+            NEED_OP(t);
             while (t > 0) {
                 *op++ = *ip++;
                 t--;

Attachment: lzo-revert-504f70b6.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH 0/2] lzo: refine overrun checking
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [qemu-mainline test] 31329: regressions - FAIL
Next by Date: [Xen-devel] [PATCH 2/2] lzo: check for length overrun in variable length encoding
Previous by thread: [Xen-devel] [PATCH 0/2] lzo: refine overrun checking
Next by thread: [Xen-devel] [PATCH 2/2] lzo: check for length overrun in variable length encoding
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.